certbot-hook-hetzner

command module
v0.0.0-...-11a9349 Latest
Published: Feb 21, 2026 License: GPL-3.0 Imports: 6 Imported by: 0

Certbot Hook Hetzner

A binary that solves DNS-01 challenges through the (new) Hetzner Console API via Certbot's --manual-auth-hook and --manual-cleanup-hook flags.

Usage

  1. Download the latest release
  2. Place a file containing your API token under /etc/certbot/hetzner.token
  3. Run certbot:
# replace example.com with your own domain; the wildcard name is quoted so the shell does not expand it
certbot certonly \
  --manual \
  --preferred-challenges=dns \
  --manual-auth-hook "/path/to/certbot-hook-hetzner -hook auth" \
  --manual-cleanup-hook "/path/to/certbot-hook-hetzner -hook cleanup" \
  -d 'example.com' \
  -d '*.example.com'

Options

You can configure certbot-hook-hetzner with flags:

| Flag | Description | Default |
|---|---|---|
| -hook | which hook to run, auth or cleanup | |
| -token-file | path to a file containing a Hetzner Cloud API token | /etc/certbot/hetzner.token |
| -wait | duration to wait for DNS propagation, e.g. 30s, 10m, 1h, 1h30m | 30s |
| -zone | override the automatic zone detection (optional) | |
| -dump-config | prints the config for debugging purposes | false |
With Docker

Here's an example docker compose file:

services:
  example.com: # change this
    image: certbot/certbot:latest
    container_name: certbot-example-com # change this
    restart: "no" # quoted so YAML does not read it as a boolean
    volumes:
      - /path/to/certbot-hook-hetzner:/usr/bin/certbot-hook-hetzner # change this
      - /path/to/hetzner.token:/etc/certbot/hetzner.token # change this
      - /etc/letsencrypt:/etc/letsencrypt
      - /var/lib/letsencrypt:/var/lib/letsencrypt
    command:
      - 'certonly'
      - '--non-interactive'
      - '--agree-tos'
      - '--email'
      - 'me@example.com' # change this
      - '--manual'
      - '--preferred-challenges'
      - 'dns'
      - '--manual-auth-hook'
      - 'certbot-hook-hetzner -hook auth'
      - '--manual-cleanup-hook'
      - 'certbot-hook-hetzner -hook cleanup'
      - '-d'
      - 'example.com' # change this
      - '-d'
      - '*.example.com' # change this

Now you can do docker compose run --rm example.com.

Motivation

Recently I've migrated my DNS to Hetzner, so naturally I needed a way to request certificates via Certbot by solving the DNS-01 ACME challenge. I found a plugin but it didn't offer a docker image, so I decided to create my own solution.

Why didn't you write a proper Certbot plugin?

I'm not much of a Python guy. I also use docker to run Certbot, and I don't want to build a new image for the plugin every time a new version of Certbot gets released.

Why didn't you use a simple bash script?

Sadly there's no /bin/bash inside the certbot/certbot Docker Image and even if you rewrite the script to work with /bin/sh, you'll find out that there's no curl either.

Development

echo "api_token" > /app/token

DEBUG=true CERTBOT_DOMAIN=example.com CERTBOT_VALIDATION=asdf go run . -token-file /app/token -hook auth
DEBUG=true CERTBOT_DOMAIN=example.com CERTBOT_VALIDATION=asdf go run . -token-file /app/token -hook cleanup

Build

./scripts/build.sh
