External service returning 503

I have deployed ztjk on google cloud and have configured helm to provide it with a letsencrypt cert. It works when I go to https://hub.mydomain.com and I can login. I have also created a backend rest api at https://backend.mydomain.com and have configured jupyterhub to use it as the backend, such that when I go to https://hub.mydomain.com/services/backend it should access backend.mydomain.com.

The problem is that going to https://hub.mydomain.com/services/backend it shows a 503 error. But, if I use the ip and go to http://ip-of-hub/services/backend it works properly. I see the following in my logs:

[ConfigProxy] e[31merrore[39m: 503 GET /services/backend/ Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: Host: hub.mydomain.com. is not in the cert's altnames: DNS:backend.mydomain.com

Any idea what the problem is?

It sounds like you might need DNS records for backend.mydomain.com. Are all those set up correctly for your Ingress controller? The problem might also be that the hosts of your cert-manager and something else don’t match.

Thanks for the response. I ended up solving it by issuing the same cert for both the jupyterhub and the backend. But I find it odd that I had to do this. My expectation was that jupyterhub’s external service can be anything (e.g., a server that is not under my control).

1 Like