Fix certificate bootstrapping issue by switching to DNS-01 challenge
Our current way of bootstrapping a new service does not really bootstrap a valid SSL certificate when deploying a role. Our nginx configuration expects a certificate to be there, but it is not there yet, and nginx needs to be running, so this is a classic chicken-and-egg problem.
Hetzner now has a DNS API, so we can switch to DNS verification.
- https://community.hetzner.com/tutorials/letsencrypt-dns
- https://github.com/Estivador/terraform-provider-hdns
- https://github.com/ctrlaltcoop/certbot-dns-hetzner
- https://github.com/alxrem/terraform-provider-hdns
Cons:
- Every machine can now issue a wildcard certificate :/
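As an added example (not part of this issue or of the Arch infrastructure code), the bootstrap sequence that DNS-01 makes possible: decide whether the host needs a certificate, obtain it through the DNS API before nginx is started, and only then start nginx. The certbot option names (`--authenticator dns-hetzner`, `--dns-hetzner-credentials`, `--dns-hetzner-propagation-seconds`) are those of the certbot-dns-hetzner plugin linked above as I know them and should be checked against the installed version; the paths under `/etc/letsencrypt` and the 30-day renewal window are assumptions. It also keeps the wildcard concern in mind: each host requests only its own FQDN and keeps the API token file root-readable, which limits what a compromised host can do with the token it holds, though it does not stop a root attacker from requesting a wildcard with the same token.

```shell
#!/bin/sh
# Added example: bootstrap a host certificate with a DNS-01 challenge before
# nginx starts, so nginx never has to serve an HTTP-01 challenge first.
# Assumed layout (not from the issue): certbot-dns-hetzner is installed,
# the DNS API token lives in /etc/letsencrypt/hetzner.ini, certificates
# land under /etc/letsencrypt/live/<fqdn>/.

CREDENTIALS="${CREDENTIALS:-/etc/letsencrypt/hetzner.ini}"
RENEW_WINDOW_SECONDS=2592000   # 30 days, an assumed renewal threshold

# Return 0 (true) when a certificate must be obtained: the file is missing
# or it expires within RENEW_WINDOW_SECONDS. `openssl x509 -checkend N`
# exits non-zero when the certificate expires within the next N seconds.
needs_certificate() {
    cert="$1"
    [ -f "$cert" ] || return 0
    if openssl x509 -in "$cert" -noout -checkend "$RENEW_WINDOW_SECONDS" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Obtain a certificate for exactly one name via DNS-01. Deliberately no
# wildcard: the token could issue one, but this host has no need for it.
issue_certificate() {
    fqdn="$1"
    # The token file grants write access to the zone; keep it root-only.
    chmod 0600 "$CREDENTIALS"
    certbot certonly --non-interactive --agree-tos \
        --authenticator dns-hetzner \
        --dns-hetzner-credentials "$CREDENTIALS" \
        --dns-hetzner-propagation-seconds 60 \
        -d "$fqdn"
}

main() {
    fqdn="$(hostname -f 2>/dev/null || hostname)"
    if needs_certificate "/etc/letsencrypt/live/$fqdn/fullchain.pem"; then
        issue_certificate "$fqdn"
    fi
    # Only now does nginx have a real certificate to load.
    nginx -t && systemctl restart nginx
}

if [ "${1:-}" = "--run" ]; then
    main
fi
```

Run it as `sh bootstrap-cert.sh --run` from the role before the nginx service is enabled; on later runs `needs_certificate` returns false while the certificate is still valid, so the script is safe to re-run from a timer as well.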
Edited by Kristian Klausen