It's quite annoying how Hetzner is dealing with KonsoleH: not only does the website style look ancient, there also seems to be no interest on their side in migrating it to the new DNS API. Therefore, you need to update everything by hand; just follow the description here.

We'll update the wildcard certificate *.gasperi.name and gasperi.name.

I assume you have certbot installed.

/usr/local/bin/certbot certonly --manual --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory -d gasperi.name -d '*.gasperi.name'

Next, certbot prints output that instructs you to put a long string into your zone file (in KonsoleH go to products, click your domain and then the red pencil next to DNS).

In KonsoleH scroll down to “TXT-Records” and find the first entry “_acme-challenge”. Make sure that you keep the double quotes and replace only the text between them, then press the red icon that looks like a floppy disk. Do not copy in both strings and then press the save button; this only works if you use “Advanced View/Erweiterte Ansicht”.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.gasperi.name with the following value:

some_long_string_will_be_copied

Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.gasperi.name with the following value:

some_long_string_will_be_copied

Before continuing, verify the record is deployed.
(This must be set up in addition to the previous challenges; do not remove,
replace, or undo the previous challenge tasks yet. Note that you might be
asked to create multiple distinct TXT records with the same name. This is
permitted by DNS standards.)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

After saving the strings in “_acme-challenge”, give the DNS server a minute or so before you finally press Enter. To verify that the DNS server has already received the update, run:

dig -q _acme-challenge.gasperi.name -t TXT +multiline +noall +answer @ns1.your-server.de

If you can see the same string as you have copied before, you are fine to press enter in certbot.
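
The same check as a script, as an added example that is not part of the original page: it polls the name server until every TXT value printed by certbot is visible. The function names, the script name, the retry count and the interval are assumptions; pass the strings from the certbot output as arguments.

```shell
#!/bin/sh
# Added example (not from the original page): poll the authoritative name
# server until every expected _acme-challenge TXT value is visible.
# Usage: sh wait-acme.sh _acme-challenge.gasperi.name ns1.your-server.de STRING1 STRING2
# (the script name, 20 tries and 15 s interval are assumptions)

# Read `dig +noall +answer` output on stdin, print one TXT value per line.
txt_values() {
    awk '$4 == "TXT" { sub(/^[^"]*"/, ""); sub(/"[^"]*$/, ""); print }'
}

# Succeed only if every argument is present as a complete TXT value on stdin.
all_present() {
    [ "$#" -gt 0 ] || return 2
    answer=$(txt_values)
    for want in "$@"; do
        # -F -x: exact whole-line match; -e: tokens may start with "-".
        printf '%s\n' "$answer" | grep -F -x -q -e "$want" || return 1
    done
    return 0
}

# Query the given server repeatedly; return 0 once all values are deployed.
wait_for_challenge() {
    name=$1; server=$2; shift 2
    tries=0
    while [ "$tries" -lt 20 ]; do
        if dig -q "$name" -t TXT +noall +answer "@$server" | all_present "$@"; then
            return 0
        fi
        tries=$((tries + 1))
        sleep 15
    done
    return 1
}

# Only run when called with name, server and at least one expected string.
if [ "$#" -ge 3 ]; then
    if wait_for_challenge "$@"; then
        echo "all TXT values visible, safe to press Enter in certbot"
    else
        echo "TXT values not visible yet, do not continue" >&2
        exit 1
    fi
fi
```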

The last thing you have to do is make sure that all your daemons (services) have read permission on these two directories:

/etc/letsencrypt/live/
/etc/letsencrypt/archive/

If you have trouble, feel free to ask for help.

  • Last modified: 2020/09/16 20:57