Get Rewarded! We will reward you with up to €50 credit on your account for every tutorial that you write and we publish!
ProductsContributeDocsCareer

DNS Validated Let's Encrypt Certificates

profile picture
Author
dschoeffm
Published
2020-05-13
Time to read
3 minutes reading time
Table of Contents

Introduction

In order to help users encrypt traffic to your server, you need a valid TLS/SSL certificate. Let's Encrypt is an organization which issues such certificates for free. However, you have to prove ownership over the domain, for which you want the certificate. This tutorial guides you through getting a wildcard certificate for your domain, while using the Hetzner DNS service and its API.

The route this tutorial takes is one of many. Depending on your personal preference you may also like to take a look at this project: https://github.com/ctrlaltcoop/certbot-dns-hetzner

Prerequisites

You need the following things to get started:

  • A server
  • A Domain: <example.com>
  • Your Domain is set up to use the Hetzner DNS service (not covered here)

This tutorial assumes you are using Ubuntu 18.04 or 20.04, however this should also work on other Linux systems.

Step 1 - Install Dependencies

We will make use of curl, jq and certbot. You need to install those:

apt update
apt install curl jq certbot

Additionally we also need some glue between certbot and Hetzner's DNS API:

curl https://raw.githubusercontent.com/dschoeffm/hetzner-dns-certbot/master/certbot-hetzner-auth.sh > /usr/local/bin/certbot-hetzner-auth.sh
curl https://raw.githubusercontent.com/dschoeffm/hetzner-dns-certbot/master/certbot-hetzner-cleanup.sh > /usr/local/bin/certbot-hetzner-cleanup.sh
chmod +x /usr/local/bin/certbot-hetzner-auth.sh
chmod +x /usr/local/bin/certbot-hetzner-cleanup.sh

Step 2 - Acquire API Token

In order to talk to the Hetzner DNS API, we need an authorization token. You can create one on the Hetzner DNS website: https://dns.hetzner.com/settings/api-token.

For this tutorial, we will assume the token is LlGoDUQ39S6akqoav5meAsv5OIpeywhj.

Save the token to /etc/hetzner-dns-token:

echo LlGoDUQ39S6akqoav5meAsv5OIpeywhj > /etc/hetzner-dns-token

Step 3 - Get Certificate

At this point, we can request a certificate from Let's Encrypt:

certbot certonly --manual --preferred-challenges=dns --manual-auth-hook /usr/local/bin/certbot-hetzner-auth.sh --manual-cleanup-hook /usr/local/bin/certbot-hetzner-cleanup.sh -d <example.com> -d *.<example.com>

Step 4 - Install Certificate

After having acquired a freshly baked TLS/SSL certificate, you will also want to put it to use. For example in a web server, or a mail server. This however is not covered here.

Conclusion

We created a Hetzner DNS API token and used domain validation to request a wildcard certificate, which covers the domain, as well as all subdomains.

License: MIT
Want to contribute?

Get Rewarded: Get up to €50 in credit! Be a part of the community and contribute. Do it for the money. Do it for the bragging rights. And do it to teach others!

Submit an articleFind out more
Report Issue
Try Hetzner Cloud

Get 20€ free credit!

Valid until: 31 December 2024 Valid for: 3 months and only for new customers
Get started
Want to contribute?

Get Rewarded: Get up to €50 credit on your account for every tutorial you write and we publish!

Find out more
Report Issue