Jupyterhub proxy error after including SSL key and cert

I have jupyterhub installed in my server and all these days I was logging in without SSL certificate and everything was working fine. Now I have SSL certificate (.cer) and I have generated key from it and made changes in config file for c.JupyterHub.ssl_cert and
c.JupyterHub.ssl_key. But when I start jupyterhub I get below error.

[I 2021-03-23 09:50:15.434 JupyterHub proxy:646] Starting proxy @ http://10.203.6.43:8080/
_tls_common.js:113
      c.context.setCert(cert);
                ^

Error: error:0906D06C:PEM routines:PEM_read_bio:no start line
    at Object.createSecureContext (_tls_common.js:113:17)
    at Server (_tls_wrap.js:868:27)
    at new Server (https.js:62:14)
    at Object.createServer (https.js:84:10)
    at new ConfigurableProxy (/opt/anaconda3/lib/node_modules/configurable-http-proxy/lib/configproxy.js:223:32)
    at Object.<anonymous> (/opt/anaconda3/lib/node_modules/configurable-http-proxy/bin/configurable-http-proxy:333:13)
    at Module._compile (internal/modules/cjs/loader.js:688:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:699:10)
    at Module.load (internal/modules/cjs/loader.js:598:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:537:12)
[C 2021-03-23 09:50:16.537 JupyterHub app:2517] Failed to start proxy
    Traceback (most recent call last):
      File "/opt/anaconda3/lib/python3.8/site-packages/jupyterhub/app.py", line 2515, in start
        await self.proxy.start()
      File "/opt/anaconda3/lib/python3.8/site-packages/jupyterhub/proxy.py", line 673, in start
        _check_process()
      File "/opt/anaconda3/lib/python3.8/site-packages/jupyterhub/proxy.py", line 669, in _check_process
        raise e from None
    RuntimeError: Proxy failed to start with exit code 1

# configurable-http-proxy --ip 10.203.6.43 --port 8080
10:05:21.706 [ConfigProxy] warn: REST API is not authenticated.
10:05:21.713 [ConfigProxy] info: Proxying http://10.203.6.43:8080 to (no default)
10:05:21.713 [ConfigProxy] info: Proxy API at http://localhost:8081/api/routes

After looking at similar issues online still I don’t seem to overcome it. Can someone kindly help me with this error.

I googled your error message and found this stackoverflow post which suggests your certificate may be incorrect

If you’re still stuck can you:

  • give full details of your jupyterhub deployment including how it’s deployed and your JupyterHub configuration with secrets redacted
  • the commands you used to create your certificate

This may help others to figure out your problem.

Thanks for your reply. Unfortunately the certificate (.cer) was created by another team I only generated key from it using following command.

openssl x509 -inform der -in /opt/mycert.cer -pubkey -noout > /opt/mykey.pem

My jupyterhub is deployed in amazon linux and version is 1.1.0. Below is my config file.

c.JupyterHub.ip = '10.203.6.43'
c.JupyterHub.port = 8080
c.JupyterHub.ssl_cert = '/opt/anaconda3/mycert.cer'
c.JupyterHub.ssl_key = '/opt/anaconda3/mykey.pem'

This is how my .cer looks like

openssl x509 -text -inform DER -in /opt/anaconda3/mycert.cer
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:26:2a:e2:6a:34:45:b0:4f
        Signature Algorithm: RSAEncryption
        Issuer: DC = com, DC = example, CN = exampleaa-CA
        Validity
            Not Before: Aug 25 15:18:44 2020 GMT
            Not After : Aug 25 15:28:44 2025 GMT
        Subject: DC = com, DC = example, CN = exampleaa-CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:b1:26:89:f6:28:27:6a:26:c5:f8:2c:92:5b:
                    3d:35:52:c4:0d:02:ac:22:e7:27:ad:f5:5d:bf:ba:
                    73:8f:81:31:4e:16:52:50:82:6d:78:74:a0:f4:c3:
                    
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage:
                Digital Signature, Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier:
                47:BB:AC:C6:EE:5B:A0:40:3F:B9:80:CF:DF:66:
                ...
    Signature Algorithm: sha256WithRSAEncryption
         1c:60:ad:da:b1:fc:08:ed:50:cd:ae:f0:49:0d:26:79:7a:b2:
         8b:76:8f:12:74:48:28:50:da:b0:ca:a0:59:55:5e:3f:e6:ca:
         6c:f3:c8:6b:91:1a:45:b9:65:66:5a:f7:d3:21:4b:80:62:44:  
-----BEGIN CERTIFICATE-----
MIIDezCCAmOgAwIBAgIQeCYq4mo0RbBPBpg6ScDwbDANBgkqhkiG9w0BAQsFADBQ
MRMwEQYKCZImiZPyLGQBGRYDY29tMRYwFAYKCZImiZPyLGQBGRYGYXdzYWVwMSEw
HwYDVQQDExhhd3NhZXAtQUVQMFBEQ01HTVQwMDEtQ0EwHhcNMjAwODI1MTUxODQ0

-----END CERTIFICATE-----

Let me know if you require any other details.

PS: I have removed few characters from keys above for security reasons.

@manics Do you have any solution to this? I am still unable to resolve it. Further the same certificate is used for other applications and it is working fine. So I think this should not be an issue with certificate.