Skip to content

tkronawitter/truenas-acme-hetzner

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
.github
.github
 
 
contrib
contrib
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 
main_test.go
main_test.go
 
 

Repository files navigation

TrueNAS-ACME-Hetzner

ACME DNS-01 authenticator for TrueNAS using Hetzner DNS.

Fork of g0rbe/truenas-acme-hetzner — migrated to the new Hetzner Cloud API before the May 2026 shutdown of the legacy DNS Console.

CI Release codecov Go Version License: MIT

Why This Fork?

Hetzner is migrating DNS management from the legacy DNS Console (dns.hetzner.com) to the Hetzner Cloud Console (console.hetzner.com):

Legacy (upstream) New (this fork)
Console dns.hetzner.com console.hetzner.com
API Hetzner DNS API Hetzner Cloud API
Library elmasy-com/elnet Official hcloud-go
Status ⚠️ Shutdown May 2026 ✅ Supported

Key dates:

  • Nov 10, 2025: New zone creation disabled on legacy console
  • May 2026: Legacy DNS Console completely shut down

Upgrading from Upstream

This fork is a drop-in replacement — same CLI interface, same config file location.

⚠️ NEW API TOKEN REQUIRED

Your existing DNS Console token (dns.hetzner.com) will not work. You must create a new token in the Hetzner Cloud Console. See Configuration below.

Steps:

  1. Replace the binary with the new release
  2. Create a new API token in Hetzner Cloud Console
  3. Update $HOME/.tahtoken with the new token
  4. Migrate your DNS zone if not already done

Prerequisites

  • TrueNAS SCALE 24.x+
  • Domain with DNS managed by Hetzner (migrated to Cloud Console)
  • Hetzner Cloud API token with DNS permissions

Installation

Download Binary

wget -O /mnt/pool/tah https://github.com/tkronawitter/truenas-acme-hetzner/releases/latest/download/tah-linux-amd64
chmod +x /mnt/pool/tah

Initialize

/mnt/pool/tah init

Configuration

1. Create API Token

⚠️ You need a Hetzner Cloud Console token, NOT the old DNS Console token.

  1. Go to Hetzner Cloud Console
  2. Select your project (or create one)
  3. Go to SecurityAPI Tokens
  4. Click Generate API Token
  5. Name it (e.g., "TrueNAS ACME") and select Read & Write permissions
  6. Copy the token immediately (it won't be shown again)

See Hetzner docs on generating API tokens.

2. Store Token

echo -n "YOUR_CLOUD_API_TOKEN" > $HOME/.tahtoken

Note: File must contain only the token string, no trailing newline.

3. Migrate DNS Zone (if needed)

If your domain is still on the old DNS Console, migrate it first.

Usage

Test Configuration

/mnt/pool/tah test nas.example.com

TrueNAS Integration

In TrueNAS UI: Credentials → Certificates → ACME DNS-Authenticators

  • Authenticator: Shell
  • Script: /mnt/pool/tah

Building from Source

git clone https://github.com/tkronawitter/truenas-acme-hetzner.git
cd truenas-acme-hetzner
go build -o tah .

References

License

MIT License - see LICENSE for details.

Originally created by Dániel Görbe.

About

ACME DNS-Authenticators for TrueNAS using Hetzner DNS

Topics

acme truenas acme-dns truenas-scripts

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

v1.1.0 Latest
Jan 29, 2026

Packages

 
 
 

Contributors

Languages

  • Go 67.7%
  • Shell 32.3%