Hetzner Certificate

Automates the process of issuing and deploying SSL certificates for domains managed by Hetzner DNS using acme.sh. Supports DNS-based validation and direct deployment to Synology DSM.

πŸ› οΈ Service ConfigurationΒΆ

  • Loads environment variables from .env file
  • Installs and configures acme.sh
  • Issues wildcard certificates via Hetzner DNS API
  • Deploys certificates to Synology DSM
  • Sets up automatic renewal

hetzner.sh
# Load the environment variables from the .env file
if [ -f .env ]; then # (1)!
    export $(grep -v '^#' .env | xargs -d '\n')
fi

# Download and extract acme.sh from GitHub
wget https://github.com/acmesh-official/acme.sh/archive/master.tar.gz # (2)!
tar -xvzf master.tar.gz
cd acme.sh-master
./acme.sh --install --nocron --home /usr/local/share/acme.sh --accountemail "$ACME_ACCOUNT_EMAIL"
cd ~
. ./.profile  # POSIX form of "source"; the script is run with sh

# Issue the certificate
cd /usr/local/share/acme.sh # (3)!
export HETZNER_TOKEN="$HETZNER_TOKEN"
./acme.sh --issue --dns dns_hetzner -d "$DOMAIN" -d "*.$DOMAIN" --server letsencrypt

# Synology settings for login and certificate
export SYNO_USERNAME="$SYNO_USERNAME"
export SYNO_PASSWORD="$SYNO_PASSWORD"
export SYNO_CERTIFICATE=""

# Deploy the certificate to Synology DSM
./acme.sh --deploy --home . -d "$DOMAIN" --deploy-hook synology_dsm # (4)!

# Renew the certificate

/usr/local/share/acme.sh/acme.sh --cron --home /usr/local/share/acme.sh/ # (5)!

  1. Loads required environment variables from a .env file (must define ACME_ACCOUNT_EMAIL, HETZNER_TOKEN, DOMAIN, SYNO_USERNAME, SYNO_PASSWORD).
  2. Downloads acme.sh from GitHub and installs it to /usr/local/share/acme.sh.
  3. Issues a wildcard SSL certificate for the specified domain using the Hetzner DNS API.
  4. Deploys the issued certificate directly to Synology DSM using the acme.sh deploy hook.
  5. Optional: runs the acme.sh renewal job (--cron); schedule this command to renew certificates automatically.

πŸ” Important NotesΒΆ

  • Requires internet access and permissions to install software
  • Synology DSM must support certificate deployment via acme.sh
  • The script will attempt to renew certificates automatically if cron is enabled
  • The .env file must be present and contain all required variables
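
A preflight check for the .env requirement above, as an added example that is not part of hetzner.sh. `check_env_file` is a hypothetical helper: it rejects a file that group or others can access (it holds the Hetzner API token and the DSM password) and reports each of the five required variables that is missing or empty.

```shell
# Added example, not part of hetzner.sh. check_env_file is a hypothetical
# helper; the variable names are the five the page requires.
REQUIRED_VARS="ACME_ACCOUNT_EMAIL HETZNER_TOKEN DOMAIN SYNO_USERNAME SYNO_PASSWORD"

# Prints one line per problem; returns 0 only if the file is safe to load.
check_env_file() {
    env_file="${1:-.env}"
    problems=0

    if [ ! -f "$env_file" ]; then
        echo "missing file: $env_file"
        return 1
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    # Anything but "------" means someone besides the owner has access.
    perms=$(ls -ld "$env_file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "too permissive: $env_file (run: chmod 600 $env_file)"
        problems=$((problems + 1))
    fi

    for name in $REQUIRED_VARS; do
        # Last NAME=... assignment wins; comment lines are ignored.
        value=$(grep -v '^[[:space:]]*#' "$env_file" | sed -n "s/^$name=//p" | tail -n 1)
        # Strip one pair of surrounding quotes so NAME="" counts as empty.
        value=$(printf '%s' "$value" | sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/")
        if [ -z "$value" ]; then
            echo "missing or empty: $name"
            problems=$((problems + 1))
        fi
    done

    [ "$problems" -eq 0 ]
}
```

Calling `check_env_file .env || exit 1` before the export line stops the run before any certificate request is made with an incomplete or exposed configuration.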

Usage

sh assets/scripts/hetzner_cert.sh
  • Ensure your .env file contains: ACME_ACCOUNT_EMAIL, HETZNER_TOKEN, DOMAIN, SYNO_USERNAME, SYNO_PASSWORD

Maintenance & Updates

  • To manually renew certificates:
    acme.sh --renew -d yourdomain.com --force
    
  • To update acme.sh:
    acme.sh --upgrade
    
