I have written the hetzner-dnsapi-proxy utility to forward requests to a small number of known DNS APIs to the Hetzner DNS API. This is useful if you have a device on a private network and want to create a valid TLS certificate with LetsEncrypt.

In addition, Hetzner does not provide granular access control for its API, so another benefit of the proxy is that it gives you control over which DNS records can be updated on a per-user basis.

The supported APIs are:

  • lego HTTP requests
  • acme-dns
  • DirectAdmin (legacy API)
  • Plain HTTP requests with query parameters

You can find the project and more information about it here.