I am deploying my JupyterHub, using the distribution zero-to-jupyterhub, on Google Cloud Platform with Kubernetes. I want to set up automatic HTTPS from letsencrypt with the configuration setting described in the config.yaml file. However, even though it was successfully deployed using Helm, I am not able to establish a secure connection when accessing the site.
It seems to me that letsencrypt is not able to provide a certificate after scanning the site with ssllabs.
Please advise on what can be done to debug. Thank you in advance.
Hi! What version of Z2JH are you using? Is your external IP and hostname open to everyone, or have you made any customisations to your cluster such as limiting access with a firewall?
Assuming you’re using the latest version of Z2JH you should be able to get some logs from the autohttps/traefik pod, if that doesn’t help please share the logs here.
time="2021-08-03T01:13:48Z" level=info msg="Configuration loaded from file: /etc/traefik/traefik.toml"
time="2021-08-03T01:13:48Z" level=info msg="Traefik version 2.1.9 built on 2020-03-23T17:23:17Z"
time="2021-08-03T01:13:48Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://docs.traefik.io/contributing/data-collection/\n"
time="2021-08-03T01:13:48Z" level=info msg="Starting provider aggregator.ProviderAggregator {}"
time="2021-08-03T01:13:48Z" level=info msg="Starting provider *file.Provider {\"watch\":true,\"filename\":\"/etc/traefik/dynamic.toml\"}"
time="2021-08-03T01:13:48Z" level=info msg="Starting provider *traefik.Provider {}"
time="2021-08-03T01:13:48Z" level=info msg="Starting provider *acme.Provider {\"email\":\"redacted@email.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/etc/acme/acme.json\",\"keyType\":\"RSA4096\",\"httpChallenge\":{\"entryPoint\":\"http\"},\"ResolverName\":\"le\",\"store\":{},\"ChallengeStore\":{}}"
time="2021-08-03T01:13:48Z" level=info msg="Testing certificate renew..." providerName=le.acme
time="2021-08-03T01:13:49Z" level=info msg=Register... providerName=le.acme
time="2021-08-03T01:14:02Z" level=error msg="Unable to obtain ACME certificate for domains \"redacted.com\" : unable to generate a certificate for the domains [redacted.com]: acme: Error -> One or more domains had a problem:\n[redacted.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://redacted.com/.well-known/acme-challenge/tDlj6vsCY5R9yx8nmr7aAJxbA5MDO6nbR9Q5peyrGKA: Timeout during connect (likely firewall problem), url: \n" providerName=le.acme
time="2021-08-03T01:14:02Z" level=error msg="Unable to obtain ACME certificate for domains \"redacted.com\" : unable to generate a certificate for the domains [redacted.com]: acme: Error -> One or more domains had a problem:\n[redacted.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://redacted.com/.well-known/acme-challenge/xdy_nJVBSOTSHKcTHbL1mXpb7lX2dg2xazRKEUfbOjA: Timeout during connect (likely firewall problem), url: \n" providerName=le.acme
Please let me know if anything could be done, I really appreciate any help.
