FAQ

Last change on 2024-12-06 • Created on 2020-07-02 • ID: CL-BD8DE

What are the shared vCPU server plans?

In plans (CX, CPX, CAX) with shared vCPU the compute resources are distributed among all instances on the same physical server. These instances provide a baseline CPU performance and have the option to temporarily burst CPU usage above the baseline level. This allows us to provide these shared plans to you at a much lower price.

What are the dedicated vCPU server plans?

Plans (CCX) with dedicated vCPUs have their CPU resources exclusively. Here one vCPU equals one thread of a physical CPU core. Instances with dedicated vCPUs offer continuous and predictable high CPU performance. We recommend them for systems with high production loads and CPU intensive applications. They run on high-performance hardware and come with a generous allocation of I/O and network power.

All Hetzner Cloud features are available for dedicated vCPU instances. Using the rescale feature on the administration interface Cloud Console, you can also rescale to and from a plan with shared vCPU or up- and downgrade to another plan depending on how many resources you require.

Please note that our System Policies at https://www.hetzner.com/rechtliches/cloud-server/ also apply to our dedicated vCPU instances.

What limits come with the architecture types?

The architecture type of the server is relevant when you:

  • Create a new server from a Backup/Snapshot.
  • Attach an ISO image to the virtual drive in your server.
  • Change the server plan ("Rescale").

In those three cases, it is not possible to work with two different architecture types. If you want to create a new server from a Backup/Snapshot, you have to use a Backup/Snapshot that has the same architecture type as the server. If you want to mount an ISO image, you have to select an ISO image that supports the architecture type of your server. And finally, when you rescale your server, you can only change to a server plan with the same architecture type as your current server plan.

Do all servers have a public network?

No, they do not if you don't want them to! When creating a server, you can choose from three network options. This means that you can decide if you want your server to have no public IP addresses, one public IP address (IPv4 or IPv6) or two public IP addresses (IPv4 and IPv6). When creating a server, you need to select at least one of these three options. If you choose to create a server without public IPs (IPv4, IPv6), the server will have to be in a private network and it will not be connected to the public network. This can be a good choice if you do not need or want an internet connection and if the server's security is important to you.

Option
Private network no Primary IP at least one private IP
Public network one Primary IP (IPv4 or IPv6 ) private IP optional
Public network two Primary IPs (IPv4 and IPv6) private IP optional

It is possible to assign or remove Primary IPs after a server was created, but the server has to be in the power state "off". Also, to assign a Primary IPv6 after the initial server creation, you need to do a basic manual configuration on the server.

How do IPv6-only cloud servers work?

IPv6-only cloud servers have a public network, but no public IPv4 connectivity.

Restrictions for IPv6-only servers:

  • No public IPv4 connectivity

  • No Load Balancer (public IPv6 address)

    Load Balancers only support IPv4 addresses (public and private) as targets. You can use a private IPv4 to add an IPv6-only server as a target. The server only needs to be in the same private network as the Load Balancer.

How do private-network-only cloud servers work?

Servers without public IPs (IPv4, IPv6) have to be in a private network and are not connected to the public network.

Restrictions for servers without Primary IPs:

  • No public IPv4 and IPv6 connectivity
  • No Floating IPs (IPv4 and IPv6)
  • No Firewalls
  • No rescue system

Is it possible to remove the Primary IPs of all servers?

Yes, it is possible to remove the public IPs of all servers. This even includes cloud servers that were created before the introduction of Primary IPs.

If you want to change the Primary IPv6 after a server's initial creation, you need to do a basic configuration. For more information, see Primary IP configuration

Why can I not connect to my IPv6-only cloud server?

In terms of IPv6, the cloud server is always assigned a /64 network.

Example: 2001:db8:5678::/64

By default, we assign the first address from this network to the cloud server.

Example: 2001:db8:5678::1

To use the address to connect to your server via SSH, for example, you will have to enter it like this:

ssh root@2001:db8:5678::1

Please replace 2001:db8:5678 with your own IPv6 address.

If this does not work, please check whether your client or your Internet connection is IPv6-capable. This can be done here: https://ipv6-test.com/

If you still have problems logging in, please check the logs of your cloud server. Login is always possible via the Console on your Cloud Console and via a private IP.

If the Primary IPv6 was assigned after the initial server creation, please check the configuration on the server. You can use the Console on your Cloud Console and a private IP to connect to the server.

Can I use Floating IPs instead of Primary IPs?

No, it is not possible to assign Floating IPs to servers that do not already have a Primary IP of the same type (IPv4, IPv6). This is the case because Floating IPs require public IP connectivity, and servers that do not have Primary IPs do not have public connectivity.

  • Servers with a Primary IPv4 have public IPv4 connectivity.
  • Servers with a Primary IPv6 have public IPv6 connectivity.

Servers without Primary IPv4 and IPv6 do not have public IP connectivity.

How can I get a custom ISO?

Please note that the ISO image has to support the architecture type of your server. Therefore, remember to check which architecture types (x86/Arm64) your ISO image supports before you send us the link.

More information about the architecture type

For a server with the architecture type x86, you will need an ISO image that supports x86. For a server with the architecture type Arm64, you will need an ISO image that supports Arm64.

ISO image
x86
<—>
Cloud Server
x86
ISO image
Arm64
<—>
Cloud Server
Arm64

To mount your ISO image, you will have to send us the link for a direct download of the ISO. If you send us an Arm image, please mention this in your ticket too.

Please do not send us the link to the file (e.g. on Google Drive), but a link for a direct download. The link should not require us to select files or do anything manually for a download. If you are using Google Drive, for example, please change your Google Drive link into a link for a direct download. Below, you can find a short explanation on how this can be done.

You can send us the deeplink to the .iso file via the Cloud Console. In your project overview, simply select "Support" on the upper menu bar and choose "Miscellaneous" as your support request type.

Please also note that we do not support Windows ISOs, or OS that have already reached end-of-life (EOL).

  • Convert Google Drive link into a link for a direct download

    Right-click on your ISO file. Select "Share". This will open a new window. At the bottom of the window, in the "Get link" section, you can now select "Change to anyone with the link" and copy the link.

    The link should look like this:

    https://drive.google.com/file/d/<your-file-id>/view?usp=sharing

    Copy the unique ID of your ISO file. The unique ID is the part between d/ and /view.
    Next, in the URL below, replace <your-file-id> with the unique ID that you just copied.

    https://drive.google.com/uc?export=download&id=<your-file-id>

Why does my FreeBSD system (pfSense, OPNsense) have a constant 100% load?

If your FreeBSD system constantly has a load of 100%, you should check the following information:

  • Check information about the system:

    kenv | grep smbios.planar.product
  • Check the WCPU usage of rand_harvestq

    top -SP

If the output of the first command mentions "Q35", and the WCPU usage of rand_harvestq is about 100%, you can resolve the issue by following these steps:

  • Reboot your server.

  • During the boot process, switch to the loader prompt.

    At the end of the third phase of the boot process, the boot process should pause for about 10 seconds in which you can choose from a few different options. One of those options should be:

    3. Escape to loader prompt

    In the loader prompt, run the following commands to deactivate virtio-random and continue the boot process afterwards:

    set hint.vtrnd.0.disabled=1
    boot
    Click here to view an example
    Type '?' for a list of commands. 'help' for more detailed help.
    OK set hint.vtrnd.0.disabled=1
    OK boot
    Loading kernel ...

In the file /boot/device.hints, you can save this setting permanently:

hint.vtrnd.0.disabled=1

On OPNsense, the file /boot/device.hints may be modified during updates. Add the setting to the file /boot/loader.conf.local instead.

Do the cloud servers support vTPM or TPM?

No, our cloud servers do not support vTPM (Virtual Trusted Platform Module) or TPM (Trusted Platform Module).

How does Rescue work?

The Hetzner Rescue System is a Debian based Linux live environment that allows you administrative access to your server, even if the installed system does not boot anymore. The environment starts using network boot (PXE) and runs in the memory of the server, without touching the drives or your data on them. This makes it possible for you to carry out repairs to the installed system, access the data on the drives, create backups, and to install operating systems. Plus, you can install any other software you need using the Rescue System.

How to use Rescue:

  • Check out our getting started to learn how to activate and use Rescue.
  • If you rescale your cloud server, you will have to manually resize the partition via Rescue System. The tutorial Resize EXT Partition explains how to do that.

Can I use Cloud-Init when creating servers?

While creating your server, you can inject cloud-init user data. This means you can make your server execute special commands while booting, like creating users or running a shell command.

Example:

#!/bin/bash
touch /tmp/cloudinit_was_here

For more examples see https://help.ubuntu.com/community/CloudInit and https://cloudinit.readthedocs.io/en/latest/topics/examples.html

In order for cloud-init to work, you must use the system images we provide as they include a special cloud-init datasource.

Can I pick my Backup time?

In the past there used to be an option to pick a time yourself, however, we had to deactivate this feature. This allows us to better spread the additional load caused by running Backups throughout the day. It was necessary because many users picked the same time, causing performance repercussions and negatively impacting server performance during certain times of the day.

You can use our Snapshot feature if you want to precisely control when your disk gets saved.

How can I increase the primary disk of my cloud server?

Cloud servers primary disks are bound to their respective plan. In order to increase the primary disk, you have to Rescale the server.

How can i reset my server to its delivery state?

In order to reset the server to its delivery state, please select the server and then Rebuild. Next, select and restore the desired OS.

Important note: All saved data will be lost.

Rebuild

How can I reset my root password ?

First select your Project then the Server. In the upper navigation bar click on Rescue. At the bottom of the page you will find a button called "Reset Root Password".

Root-Reset

Is root password authentication disabled on servers that are created with an SSH key?

With most of the older operating systems, you can set a root password, even if you created your server with an SSH key. Newer versions of most operating systems (e.g. Debian 11, Ubuntu 22.04) recognized the vulnerability to brute force attacks that comes with this approach and disabled password authentication for the root user by default.

If you still want to enable password authentication, you can change the settings as explained below, for example:

nano /etc/ssh/sshd_config
  • Root passwort authentication is disabled

    PermitRootLogin prohibit-password
  • Root passwort authentication is allowed

    PermitRootLogin yes

How can I rename a server?

Navigate to the server you want to rename. In the top left, click the server's name and edit it. After you added a new name, click "OK" to save your changes.

Note that this will not change the hostname in your host's operating system. If you want to change the hostname too, you have to do it manually. For additional reference, see the tutorial "Check and change hostname on Debian".

server » rename

How can I reinstall a server?

We recommend deleting the server completely and creating a new one instead. This ensures that all settings are new and up to date.

You can keep the public IP address of your old server and use it for the new one. To do this, make sure that your Primary IP does not have “auto delete” enabled, or simply remove the Primary IP from the server before you delete the server. You can then assign the IP to the new server.

How can I access the server I rebuilt?

Assume you have rebuilt your server server1 from a Snapshot called snap1.

Case 1: Server1 was originally created without selecting an SSH key:

After rebuild, a new root password for server1 will be generated and mailed to you. It will be set on first boot using the cloud-init mechanism.

If snap1 contained injected SSH keys, these will also continue to work.

Case 2: Server1 was created with selecting your SSH key key1:

After rebuild, the key key1 will be injected into server1 on first boot using the cloud-init mechanism. You can use key1 to access your server.

If snap1 contained any more keys in its authorized_keys file, you can also still use these to access server1.

In all cases, server1 cannot be accessed using a root password directly after the rebuild, even if one was set in snap1.

Case 1 and Case 2 only apply if you restore a Snapshot that was taken from our officially provided images. If you used the rescue system or other means to install the server snap1 was taken from, it will not be fit for reconfiguration via cloud-init, and its behavior might be different.

Why has the disk partition remained the same after rescaling?

You have to manually resize the partition via Rescue System after the Rescale has been completed. Following community article can help further in this case: https://community.hetzner.com/tutorials/resize-ext-partition?title=Resize_Ext_Partition/en

Can I run virtual machines on cloud servers, or rather is nested virtualization possible?

No, this is not possible on cloud server.

While creating a new server, I have selected a Snapshot as source image. How can I access this server?

Assume you have created your server server1 from a Snapshot called snap1.

Case 1: You did not select an SSH key while creating server1:

After server creation, a root password for access will be generated and mailed to you. It will be set using the cloud-init mechanism.

If snap1 contained injected SSH keys, these will also continue to work.

Case 2: You selected SSH key key1 while creating server1:

After server creation, the key key1 will be injected into server1 using the cloud-init mechanism. You can use key1 to access your server.

If snap1 contained any more keys in its authorized_keys file, you can also still use these to access server1.

In all cases server1 cannot be accessed using a root password directly after its creation, even if one was set in snap1.

Case 1 and Case 2 only apply if you use a Snapshot that was taken from our officially provided images. If you used the rescue system or other means to install the server snap1 was taken from, it will not be fit for reconfiguration via cloud-init, and its behavior might be different.

The keyboard mapping in the console window seems to be wrong. How can I fix this?

All of our images come with keyboard mapping set for a US keyboard. If you have something different, you need to configure it yourself within your server.

For example, on Ubuntu you can do so by running

sudo dpkg-reconfigure keyboard-configuration

and selecting the keyboard layout you are using on your local PC. After a reboot, the keyboard mapping in the console will be correct.

How do I protect my server from being deleted by accident?

Servers, Snapshots and Floating IPs can be protected in the Cloud Console and API.

Before you can delete a protected resource, you have to deactivate the deletion protection. This provides an additional safeguard for accidental deletion.

Protected resources are indicated by a lock icon on the server, Snapshot and Floating IP overview page. You can't use the "Rebuild" feature to reinstall a protected server.

How can I change the location of my server?

It is not possible to change the location of an existing server. When you create a new server in the desired location, you can, however, choose to use a Snapshot or Backup of the existing server. The new server will then be a direct copy of the existing server.

  • Use a Snapshot to create a copy of the server
    When you select "Add server" on your project overview, you will be able to select a Snapshot during server creation. The server will then contain all the information and data that was saved on that Snapshot.

    Alternatively, you can also create a new server directly from your Snapshot as shown in the image below.

    snapshot-server

    Make sure that your Snapshot is up to date. Changes that have been made on the server after the Snapshot was created, are not included in the Snapshot.

  • Use a Backup to create a copy of the server
    If you have Backups enabled for your server, you can use the latest one to create a new server in the desired location. backup-server

    If the latest Backup is not up to date enough, you can create a new Backup manually. You can then use this Backup to create the new server in the desired location.

    backup-manually

How many servers can I create?

Each customer has a default limit for the number of cloud resources that we simultaneously provide. If you would like to increase your limit, you can send a request on your Cloud Console. To create a new request, navigate to your limits overview and select Request changeLimit increase at the top right. Please note that this is only possible if you have been with us for a month and paid your first invoice. Our team will quickly review your request and, if everything is in order, they will increase your limit.

What does it mean if an image is marked as deprecated?

When creating a server, you can select from a list of pre-made operating system images, such as Debian version 11. When the end of the lifecycle of this specific image version comes closer, we will mark it as deprecated.

This means that the image is still available. However, we will remove it in the future.

We will keep images marked as deprecated for at least another 3 months after the deprecation date. After that period, they may become unavailable at any time.

Why can I not send any mails from my server?

Unfortunately, email spammers and scammers like to use cloud hosting providers. And we at Hetzner naturally want to prevent this. That's why we block ports 25 and 465 by default on all cloud servers. This is a very common practice in the cloud hosting industry because it prevents abuse. We want to build trust with our new customers before we unblock these mail ports. Once you have been with us for a month and paid your first invoice, you can create a limit request to unblock these ports for a valid use case. In your request, you can tell us details about your use case. We make decisions on a case-by-case basis.

As an alternative, you can also use port 587 to send emails via external mail delivery services. Port 587 is not blocked and can be used without sending a limit request.

I can not reach my instance / I have two default routes. How can I fix this?

A bug in hc-utils caused NetworkManager to manage the private network interface and therefore installs a wrong default route.

We have published an updated hc-utils package. After the update got installed, the wrong default route should not get installed anymore.

The updated hc-utils is available here:

RHEL / CentOS / Rocky 8: https://packages.hetzner.com/hcloud/rpm/hc-utils-0.0.4-1.el8.noarch.rpm
Fedora 34/35: https://packages.hetzner.com/hcloud/rpm/hc-utils-0.0.4-1.fc34.noarch.rpm

Why did I not receive a root password after server creation?

When you add an SSH key during server creation, we will not send you root credentials (see "Is root password authentication disabled on servers that are created with an SSH key?").

If you do not add an SSH key during server creation, we will send you an email with root credentials.

The email with the root credentials is only sent to email addresses that you set as "main address" in your user account at accounts.hetzner.com/account/mail.

The email with the root credentials looks like this:

server created password en

If you didn't receive an email or deleted it, you can reset the root password in Cloud Console as explained in the FAQ entry above "How can I reset my root password?". Note: If the server was created with an SSH key, you can only use this password in the console (see "What is the console?").

On servers that were created with an SSH key, you only have these authentication options:

  • Via SSH, authenticate with your SSH key only
  • Via the console, authenticate with a generated root password

If you want to enable root password authentication for SSH connections, follow the commands mentioned in the FAQ entry above to modify the SSH configuration.

I have added my SSH key to the Cloud Console, why can I not access my existing server via my SSH key?

When creating a new server, you can select an SSH key that will automatically be added to the server. Instead of a password, this key is then used to authenticate on that server. Unfortunately, we cannot add SSH keys to existing servers. On those, you will have to add your SSH key manually. The community article Setting up an SSH key, for example, explains how to do this in step 4.

Why are no hard disks and/or network interfaces recognised when installing my custom BSD distribution (eg. pfsense or OPNsense)?

If you have any difficulties with the installation of a custom BSD distribution (e.g. error message / server stopped working) please create a support request. In your request, give us some details about what went wrong, and our support team will check if they can help so that you can install your custom distribution successfully.

What is the console?

The console that is provided on the Cloud Console is a VNC console. VNC consoles allow you to connect to a server as if you were sitting directly in front of the device with keyboard and mouse. The getting started Using the console explains how to open the console and how to login.

VNC consoles can display a graphical user interface, if the required software is installed on the server (see How to install TigerVNC on Ubuntu). Note, however, that root access is required to login on the console on Cloud Console.

Table of Contents