Fix certificate bootstrapping issue by switch to DNS-01 challenge

Our current way of bootstrapping a new service does not really bootstrap an valid SSL certificate when deploying a role. As our nginx configuration does expects a certificate to be there, but it's not there yet and nginx needs to run so this is a classic chicken egg problem.

Hetzner has a DNS API now so we can switch to DNS verification.

https://community.hetzner.com/tutorials/letsencrypt-dns
https://github.com/Estivador/terraform-provider-hdns
https://github.com/ctrlaltcoop/certbot-dns-hetzner
https://github.com/alxrem/terraform-provider-hdns

Cons:

Every machine can now issue a wildcard certificate :/

Edited Jan 10, 2021 by Kristian Klausen

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

Admin message

Fix certificate bootstrapping issue by switch to DNS-01 challenge