SSL/TLS Error on Hetzner DNS

Hi there,
I got an error on testing my setup.
The API token on Hetzner is generated and added to the Authorization page,
but on Test I got an error:

Powershell/PoshACME DNS :: Error: Die Anfrage wurde abgebrochen: Es konnte kein geschützter SSL/TLS-Kanal erstellt werden… bei Find-HetznerZone, C:\Program Files\CertifyTheWeb\Scripts\DNS\PoshACME\Plugins\Hetzner.ps1: Zeile 221
bei Add-DnsTxt, C:\Program Files\CertifyTheWeb\Scripts\DNS\PoshACME\Plugins\Hetzner.ps1: Zeile 33
bei , : Zeile 35

Token as provided by Hetzner. The server will contact the Hetzner DNS API (I can see it in my firewall logs, communicating on port 443 to Hetzner DNS).

So, anything I missed?


This error is saying that it cannot establish the connection to the Hetzner API. Is your server maybe locked down to a narrow set of TLS ciphers, or do you have outgoing HTTPS blocked?

The server can communicate to all ports and servers…that should not be the problem.
I can also see the connection on port 443 to the DNS server from Hetzner.

Checked on another PC (Windows 10); there it's working.
But not on my RDS Gateway…this server is still 2012R2.

Has it ever worked on this server? The PowerShell part needs PowerShell 5.1 to be installed at a minimum. Also check you are using the very latest version of Certify (5.4.0 was released today).

First try to implement Let's Encrypt on the RDS Gateway…so no, never worked.
Windows 2012R2 has TLS 1.2, Windows 10 already uses 1.3.
PowerShell was updated to 5.1.
Certify was the last available version, 5.4.0.

You may want to investigate which TLS ciphers are enabled on the server; it looks like the Hetzner API requires TLS 1.3, which may not be available.

I usually use this tool to configure the available ciphers: Nartac Software - IIS Crypto

Note that the supported TLS Ciphers are an operating system configuration item and not within the scope of Certify The Web (which just gets and applies certificates).
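
A read-only way to inventory the operating-system TLS settings discussed in this thread before changing anything (added example, not posted by anyone in the thread and not part of Certify The Web or Posh-ACME). The function names are made up for this example, and the host name in the last line is a placeholder.

```powershell
# Read-only inventory of TLS settings for outgoing HTTPS from PowerShell 5.1.
function Get-SchannelClientProtocol {
    # Per-protocol client switches; a missing key or value means the OS default applies.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
    foreach ($name in 'TLS 1.0', 'TLS 1.1', 'TLS 1.2', 'TLS 1.3') {
        $p = Get-ItemProperty -Path "$base\$name\Client" -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Protocol          = $name
            Enabled           = if ($null -ne $p.Enabled) { $p.Enabled } else { 'OS default' }
            DisabledByDefault = if ($null -ne $p.DisabledByDefault) { $p.DisabledByDefault } else { 'OS default' }
        }
    }
}
function Get-DotNetTlsSetting {
    # .NET Framework switches that influence which protocols PowerShell offers by default.
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
                     'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319') {
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Key                      = $key
            SchUseStrongCrypto       = $p.SchUseStrongCrypto
            SystemDefaultTlsVersions = $p.SystemDefaultTlsVersions
        }
    }
}
function Get-CipherSuiteOrder {
    # A Group Policy list, when present, takes precedence over the local default list.
    foreach ($key in 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002',
                     'HKLM:\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002') {
        $p = Get-ItemProperty -Path $key -Name Functions -ErrorAction SilentlyContinue
        if ($p) { return @($p.Functions) -split ',' | Where-Object { $_ } }
    }
}
function Test-TlsHandshake {
    # Performs one handshake with the .NET default protocol set and reports what was negotiated.
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 443)
    try {
        $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream())
        $ssl.AuthenticateAsClient($HostName)
        [pscustomobject]@{ Host = $HostName; Protocol = $ssl.SslProtocol; Cipher = $ssl.CipherAlgorithm }
    } catch { "Handshake with $HostName failed: $($_.Exception.Message)" }
    finally { if ($tcp) { $tcp.Close() } }
}
"Protocols offered by this session: $([Net.ServicePointManager]::SecurityProtocol)"
Get-SchannelClientProtocol | Format-Table -AutoSize
Get-DotNetTlsSetting | Format-List
Get-CipherSuiteOrder
# Placeholder host name: substitute the API host seen in the firewall log.
# Test-TlsHandshake -HostName 'api.example.invalid'
```

Running the same script on the working Windows 10 PC and on the 2012R2 server and comparing the output shows where the two machines differ.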