letsencrypt: add hetzner cloud dns api

[BlackReloaded]

Summary by CodeRabbit

• New Features
  • Added Hetzner Cloud DNS provider for automated certificate issuance and renewal.
  • New configuration option to supply a Hetzner Cloud API token for DNS validation.
  • DNS-based validation now available for Hetzner Cloud, enabling seamless, automatic certificate management.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[home-assistant]

Hi @BlackReloaded

It seems you haven't yet signed a CLA. Please do so here.

Once you do that we will be able to review and accept this pull request.

Thanks!

[home-assistant]

Please take a look at the requested changes, and use the Ready for review button when you are done, thanks 👍

Learn more about our pull request process.

[home-assistant]

Hi @BlackReloaded

It seems you haven't yet signed a CLA. Please do so here.

Once you do that we will be able to review and accept this pull request.

Thanks!

Stale

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request adds support for a new DNS provider, dns-hetzner-cloud, across the application stack. Changes include documentation updates, build configuration additions, container image modifications, and runtime script enhancements to support the new provider alongside existing DNS providers.

Changes

Cohort / File(s)	Summary
Documentation and Configuration Schema letsencrypt/DOCS.md, letsencrypt/config.yaml	Added dns-hetzner-cloud to the supported DNS providers list and introduced new hetzner_cloud_api_token credential field in the DNS configuration schema.
Build Configuration & Image letsencrypt/Dockerfile, letsencrypt/build.yaml	Added CERTBOT_DNS_HETZNER_CLOUD_VERSION build ARG / env (set to 1.0.4) and integrated certbot-dns-hetzner-cloud==${CERTBOT_DNS_HETZNER_CLOUD_VERSION} into the pip install step.
Runtime / Init Scripts letsencrypt/rootfs/etc/cont-init.d/file-structure.sh, letsencrypt/rootfs/etc/services.d/lets-encrypt/run	Persisted dns_hetzner_cloud_api_token to the DNS API key output and added a dns-hetzner-cloud branch in the DNS provider switch that appends the provider-specific credential and propagation arguments.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

• Review consistency of the hetzner_cloud_api_token naming across config.yaml, file-structure.sh, and the run script.
• Confirm CERTBOT_DNS_HETZNER_CLOUD_VERSION value (1.0.4) is correct and matches any release notes or compatibility requirements.
• Verify the pip install line formatting and that adding the package doesn’t conflict with other certbot DNS plugin versions.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically identifies the main change: adding Hetzner Cloud DNS API support to the letsencrypt addon.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between cb47362 and 4421ca4.

📒 Files selected for processing (2)

• letsencrypt/DOCS.md (4 hunks)
• letsencrypt/rootfs/etc/services.d/lets-encrypt/run (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• letsencrypt/rootfs/etc/services.d/lets-encrypt/run

🧰 Additional context used

📓 Path-based instructions (1)

*/**(html|markdown|md)

⚙️ CodeRabbit configuration file

*/**(html|markdown|md): - For instructional content in documentation, use a direct and authoritative tone. Avoid expressions of politeness such as 'may' or 'please', and ensure the goal of the instruction is fronted.

• Apply the Microsoft Style Guide to ensure documentation maintains clarity and conciseness.
• In step-by-step instructions, front the location phrase in the instructional sentence.
• In step-by-step instructions, front the 'goal' in the instructional sentence.
• In step-by-step instructions, if in doubt what to front, front the 'goal' before the location phrase in the instructional sentence.
• do not hyphenate terms like 'top-right' or 'bottom-left' with 'corner'

*/**(html|markdown|md): - Use bold to mark UI strings.

• If "" are used to mark UI strings, replace them by bold.

• Be brief in your replies and don't add fluff like "thank you for..." and "Please let me know if"

• Use sentence-style capitalization also in headings.

do not comment on HTML used for icons

Avoid flagging inline HTML for embedding videos in future reviews for this repository.

Files:

• letsencrypt/DOCS.md

🔇 Additional comments (1)

letsencrypt/DOCS.md (1)

65-65: All provider lists are now properly synchronized.

The previous concern about missing dns-hetzner-cloud from the "Supported DNS providers" list has been resolved. The new provider is correctly added across all three required locations:

• Line 65: Added to the inline provider list in alphabetical order (between dns-hetzner and dns-infomaniak)
• Line 136: Added to the credentials section in alphabetical order
• Lines 848–867: Added comprehensive configuration documentation with example and link to full documentation
• Line 1479: Added to the summary "Supported DNS providers" list in alphabetical order

All entries maintain consistent formatting and alphabetical ordering throughout the documentation.

Also applies to: 136-136, 848-867, 1479-1479

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

letsencrypt/rootfs/etc/services.d/lets-encrypt/run (1)

185-189: dns-hetzner-cloud case logic looks good; clarify the comment label

The new dns-hetzner-cloud branch correctly requires dns.hetzner_cloud_api_token and assembles ACME_ARGUMENTS in line with the other DNS providers. To avoid confusion with the existing # Hetzner block above, consider renaming this comment to # Hetzner Cloud.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between 2f6933d and cb47362.

📒 Files selected for processing (6)

• letsencrypt/DOCS.md (2 hunks)
• letsencrypt/Dockerfile (2 hunks)
• letsencrypt/build.yaml (1 hunks)
• letsencrypt/config.yaml (2 hunks)
• letsencrypt/rootfs/etc/cont-init.d/file-structure.sh (1 hunks)
• letsencrypt/rootfs/etc/services.d/lets-encrypt/run (1 hunks)

🧰 Additional context used

📓 Path-based instructions (1)

*/**(html|markdown|md)

⚙️ CodeRabbit configuration file

*/**(html|markdown|md): - For instructional content in documentation, use a direct and authoritative tone. Avoid expressions of politeness such as 'may' or 'please', and ensure the goal of the instruction is fronted.

• Apply the Microsoft Style Guide to ensure documentation maintains clarity and conciseness.
• In step-by-step instructions, front the location phrase in the instructional sentence.
• In step-by-step instructions, front the 'goal' in the instructional sentence.
• In step-by-step instructions, if in doubt what to front, front the 'goal' before the location phrase in the instructional sentence.
• do not hyphenate terms like 'top-right' or 'bottom-left' with 'corner'

*/**(html|markdown|md): - Use bold to mark UI strings.

• If "" are used to mark UI strings, replace them by bold.

• Be brief in your replies and don't add fluff like "thank you for..." and "Please let me know if"

• Use sentence-style capitalization also in headings.

do not comment on HTML used for icons

Avoid flagging inline HTML for embedding videos in future reviews for this repository.

Files:

• letsencrypt/Dockerfile
• letsencrypt/config.yaml
• letsencrypt/build.yaml
• letsencrypt/DOCS.md

🔇 Additional comments (5)

letsencrypt/DOCS.md (1)

136-136: Credential key wiring looks correct

The hetzner_cloud_api_token field is added consistently alongside hetzner_api_token and matches the naming used in the new dnsapikey output and run script.

letsencrypt/build.yaml (1)

23-25: New Hetzner Cloud version arg is aligned with existing pattern

CERTBOT_DNS_HETZNER_CLOUD_VERSION is added in the same style and position as the other CERTBOT_DNS_* version args; no issues spotted.

letsencrypt/Dockerfile (1)

21-23: Docker ARG and pip install for Hetzner Cloud look consistent

The added build ARG and pip installation of certbot-dns-hetzner-cloud follow the existing pattern (alphabetical placement, version pin, and use in pip3 install). No issues found.

Also applies to: 75-77

letsencrypt/rootfs/etc/cont-init.d/file-structure.sh (1)

35-37: dnsapikey entry for Hetzner Cloud is correctly wired

The dns_hetzner_cloud_api_token line matches the new dns.hetzner_cloud_api_token config option and follows the same format and ordering as the existing dns_hetzner_api_token entry.

letsencrypt/config.yaml (1)

77-79: Schema updates for Hetzner Cloud are coherent and consistent

The hetzner_cloud_api_token field and dns-hetzner-cloud provider enum entry integrate cleanly with the existing DNS schema and respect the alphabetical ordering note. They line up with the new file-structure and run-script handling.

Also applies to: 133-136

[Dominik28111]

Any ETA on that? My cert expired and my UI is currently not useable with SSL.