11.04.2020 by Jonatan Zint

Certbot DNS-01 challenge with Hetzner DNS

We wrote a certbot plugin to support the new Hetzner DNS API

While doing our work as software developers and sometimes devops engineers, we all too often stumble across a piece of open source software that we desperately need for our current task, but that is dysfunctional or missing a feature. Being busy people, we then tend to move on to the next alternative or build hasty workarounds for the problem. But not always! This time we spent some effort and are sharing our solution for a recent problem.
For some of our internal services we need wildcard certificates from Let's Encrypt. Those are only available via the DNS-01 challenge.
Our DNS provider is Hetzner, and their DNS configuration did not have API access, only a web form, which actually had a cool but pretty flaky and hacky solution for automated DNS challenges. They recently introduced a new configuration interface for DNS along with a new API. This made the old approach unusable, but it enabled us to write an actual DNS provider plugin for certbot, the official CLI tool for Let's Encrypt. In the process we had the opportunity to fiddle with some fancy new tech like GitHub Actions.

We hope other Hetzner customers will find our little plugin helpful. It is available on GitHub and pypi.org.