NginxProxyManager/nginx-proxy-manager

Hetzner "DNS Console is moving to the Hetzner Console"

Closed this issue · 17 comments

What provider would you like to see added to NPM?
Hetzner is moving DNS Console to the Hetzner Console.
After the migration to the Hetzner Console, the DNS challenge seems broken because of "zone not found".

    [10/19/2025] [7:27:03 PM] [Global   ] › ⬤  debug     CMD: certbot certonly --config '/etc/letsencrypt.ini' --work-dir "/tmp/letsencrypt-lib" --logs-dir "/tmp/letsencrypt-log" --cert-name 'npm-32' --agree-tos --email 'XXXX' --domains 'XXXX' --authenticator 'dns-hetzner' --dns-hetzner-credentials '/etc/letsencrypt/credentials/credentials-32'
    [10/19/2025] [7:27:06 PM] [Global   ] › ⬤  debug     CMD: /usr/sbin/nginx -t -g "error_log off;"
    [10/19/2025] [7:27:06 PM] [Nginx    ] › ℹ  info      Reloading Nginx
    [10/19/2025] [7:27:06 PM] [Global   ] › ⬤  debug     CMD: /usr/sbin/nginx -s reload
    [10/19/2025] [7:27:06 PM] [Express  ] › ⚠  warning   Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
    Encountered exception during recovery: certbot_dns_hetzner.hetzner_client._ZoneNotFoundException: Zone port.movtube.de not found in Hetzner account
    Zone port.movtube.de not found in Hetzner account

Before:

    curl -sS https://dns.hetzner.com/api/v1/zones -H "Auth-API-Token: XXXXX"
    {"zones":[],"meta":{"pagination":{"page":0,"per_page":0,"previous_page":0,"next_page":0,"last_page":0,"total_entries":0}},"error":{"message":"zone not found","code":404}}

After the migration:

    curl -H "Authorization: Bearer XXXXX" \
        "https://api.hetzner.cloud/v1/zones"
    {
        "meta": {
            "pagination": {
                "last_page": 1,
                "next_page": null,
                "page": 1,
                "per_page": 25,
                "previous_page": null,
                "total_entries": 1
            }
        },
        "zones": [
            {

The DNS API can no longer be used for the zone after migration. If you use third-party integrations, please first ensure that they support the new Cloud API.

So here is my request to implement the new API.
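The before/after responses above can be turned into a pre-flight check that runs before certbot: given the zone listings returned by the two endpoints, decide which API actually holds the zone for a certificate name. This is an added example, not code from the issue or from NPM; the sample bodies are constructed, and the `name` field on each zone object and the domain `example.org` are assumptions.

```python
import json

# Constructed sample bodies. LEGACY_BODY mirrors the "Before" response quoted
# in the issue; CLOUD_BODY is a made-up completion of the truncated "After"
# response (the "name" field and example.org are assumptions).
LEGACY_BODY = ('{"zones":[],"meta":{"pagination":{"total_entries":0}},'
               '"error":{"message":"zone not found","code":404}}')
CLOUD_BODY = ('{"meta":{"pagination":{"page":1,"total_entries":1}},'
              '"zones":[{"name":"example.org"}]}')


def zone_names(body):
    """Return (zone names, error message or None) from a zone-listing body."""
    doc = json.loads(body)
    err = doc.get("error") or {}
    zones = doc.get("zones") or []
    names = [z["name"].rstrip(".").lower() for z in zones if "name" in z]
    return names, err.get("message")


def matching_zone(fqdn, names):
    """Longest zone that is a suffix of fqdn on a label boundary, else None."""
    labels = fqdn.rstrip(".").lower().split(".")
    if labels and labels[0] == "*":
        labels = labels[1:]  # a wildcard name is validated at its parent
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in names:
            return candidate
    return None


def preflight(fqdn, legacy_body, cloud_body):
    """Report which API can serve the DNS-01 challenge for fqdn."""
    legacy, legacy_err = zone_names(legacy_body)
    cloud, cloud_err = zone_names(cloud_body)
    if (zone := matching_zone(fqdn, cloud)):
        return ("cloud", zone)    # needs a plugin that speaks the Cloud API
    if (zone := matching_zone(fqdn, legacy)):
        return ("legacy", zone)   # the old dns-hetzner plugin still applies
    return ("none", legacy_err or cloud_err)


if __name__ == "__main__":
    print(preflight("port.example.org", LEGACY_BODY, CLOUD_BODY))
```

A `("cloud", ...)` result with an empty legacy listing is the situation in this issue: the token and plugin for the old DNS API can no longer see the zone.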

Supposedly, DNS multi can already do this, but it doesn't work with the plugin via NPM or certbot :-(

> Supposedly, DNS multi can already do this, but it doesn't work with the plugin via NPM or certbot :-(

DNSmulti on NPM v2.12.6 worked for me without issues for Hetzner Cloud DNS (with a Read Write API Key)

OK, how did you update the certbot plugin to version 4.27.0?

Because I got this:

    [10/23/2025] [9:13:58 AM] [Global ] › ⬤ debug CMD: . /opt/certbot/bin/activate && pip install --no-cache-dir certbot-dns-multi~=4.9 && deactivate

> OK, how did you update the certbot plugin to version 4.27.0?

I would guess you would have to recreate the container (I am using the docker version (image: 'jc21/nginx-proxy-manager:latest'))
I am on a new setup though, saw your message and tried it and it just worked.

Okay, I built another complete image because, unfortunately, go is not installed, so I have to do it myself, and yet only certbot-dns-multi is installed, as can be seen here

    "dnsmulti": {
        "name": "DnsMulti",
        "package_name": "certbot-dns-multi",
        "version": "~=4.9",
        "dependencies": "",
        "credentials": "# See https://go-acme.github.io/lego/dns/#dns-providers for list of providers and their settings\n# Example provider configuration for DreamHost\n# dns_multi_provider = dreamhost\n# DREAMHOST_API_KEY = ABCDEFG1234",
        "full_plugin_name": "dns-multi"
    },

https://github.com/NginxProxyManager/nginx-proxy-manager/blob/develop/global/certbot-dns-plugins.json

What am I doing wrong?

I have pulled a new image (latest), but it doesn't work to pull a certificate from Let's Encrypt.

Error log from NPM:

    CommandError: Saving debug log to /tmp/letsencrypt-log/letsencrypt.log
    Encountered exception during recovery: certbot.errors.PluginError: Malformed authorization or invalid API token
    Malformed authorization or invalid API token
    Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /tmp/letsencrypt-log/letsencrypt.log or re-run Certbot with -v for more details.

    at /app/lib/utils.js:16:13
    at ChildProcess.exithandler (node:child_process:430:5)
    at ChildProcess.emit (node:events:524:28)
    at maybeClose (node:internal/child_process:1104:16)
    at ChildProcess._handle.onexit (node:internal/child_process:304:5)

> OK, how did you update the certbot plugin to version 4.27.0?

How can I update certbot in the nginx proxy manager container?

So I just installed NPM (the container most likely pulls the newest version of DNSmulti on startup). Went to the SSL tab on NPM -> Add SSL Certificate, Let's Encrypt, DNS Challenge -> DNSmulti.
In the file config I added:

    dns_multi_provider = hetzner
    HETZNER_API_TOKEN = myToken

And submitted it, took like 30-40 seconds until I got the cert.
Got the API token under https://console.hetzner.com/ -> DNS Migrated -> Security -> API tokens

> So I just installed NPM (the container most likely pulls the newest version of DNSmulti on startup). Went to the SSL tab on NPM -> Add SSL Certificate, Let's Encrypt, DNS Challenge -> DNSmulti.
> In the file config I added:
>
>     dns_multi_provider = hetzner
>     HETZNER_API_TOKEN = myToken
>
> And submitted it, took like 30-40 seconds until I got the cert.
> Got the API token under https://console.hetzner.com/ -> DNS Migrated -> Security -> API tokens

Yes, this works! Thanks

I tried it, but I need to install Go inside of the Docker ... and this only works if I create my own images.
That's why I always got the latest version, but for some reason, it still only gets version 4.9 of the DNS Multi plugin.

Directly with certbot on the server with the newest DNS Multi plugin works, but not with the one inside of the Docker, because it is version 4.9, not 4.27.0.

There is a pypi certbot plugin which could also be used https://pypi.org/project/certbot-dns-hetzner-cloud/

I do not have the full picture, but to my knowledge we would need to add this to the certbot-dns-plugins.json

        "hetzner-cloud": {
                "name": "Hetzner Cloud",
                "package_name": "certbot-dns-hetzner-cloud",
                "version": "~=1.0.4",
                "dependencies": "",
                "credentials": "dns_hetzner_cloud_api_token = your_api_token_here",
                "full_plugin_name": "dns-hetzner-cloud"
        }

The fact is that with the current version of NPM 1.12.6, I can only use dnsmulti if I install go in the container, which I managed to do with my own image. However, no matter which image I try, version 4.9 of DNS Multi is always installed. Without GO, DNS Multi doesn't work at all. Either I'm stupid or I'm doing something wrong.

> Without GO, DNS Multi doesn't work at all.

That's confusing, I also just used the container without adding Go. Are you using the x86_64 container or maybe ARM or so?

That's my compose:

    services:
      nginx-proxy-manager:
        image: 'jc21/nginx-proxy-manager:latest'
        container_name: nginx-proxy-manager
        restart: unless-stopped
        volumes:
          - /path/to/data/nginx-proxy-manager/data:/data
          - /path/to/data/nginx-proxy-manager/letsencrypt:/etc/letsencrypt
        environment:
          TZ: 'Europe/Berlin'

Could be, I use ARM.

> There is a pypi certbot plugin which could also be used https://pypi.org/project/certbot-dns-hetzner-cloud/
>
> I do not have the full picture, but to my knowledge we would need to add this to the certbot-dns-plugins.json
>
>     "hetzner-cloud": {
>             "name": "Hetzner Cloud",
>             "package_name": "certbot-dns-hetzner-cloud",
>             "version": "~=1.0.4",
>             "dependencies": "",
>             "credentials": "dns_hetzner_cloud_api_token = your_api_token_here",
>             "full_plugin_name": "dns-hetzner-cloud"
>     }

This new plugin works perfectly. I added it to ./global/certbot-dns-plugins.json and removed the old Hetzner one. Rebuilt the frontend and added the new plugin to certbot. So to make it work with the new DNS API, this is enough.

DNSMulti was not working for me. I always got 401 from the API back.

Okay, I have now obtained the original certbot-dns-plugins.json and manually integrated it via compose.
Now the plugin is working, but I still have to install Go manually for some reason.

DNS Multi needs to be changed from version 4.9 to 4.27.0, then it works.