SSL certificates not renewed with TLJH

Hi,

I have set up TLJH with SSL using the following documentation:

Enable HTTPS — The Littlest JupyterHub v0.1 documentation

I received an e-mail that the SSL certificates need to be renewed. Why did they not get renewed automatically?

Your certificate (or certificates) for the names listed below will expire in 10 days. Please make sure to renew your certificate before then, or visitors to your website will encounter errors.

We recommend renewing certificates automatically when they have a third of their
total lifetime left.

I see the following messages keep repeating in the logs:

$ sudo journalctl -u traefik

Nov 05 16:29:12 navajo traefik[70417]: time="2020-11-05T16:29:12Z" level=warning msg="A new release has been found: 2.3.2. Please consider updating."
Nov 06 16:29:12 navajo traefik[70417]: time="2020-11-06T16:29:12Z" level=info msg="Testing certificate renew..."
Nov 06 16:29:12 navajo traefik[70417]: time="2020-11-06T16:29:12Z" level=warning msg="A new release has been found: 2.3.2. Please consider updating."
Nov 07 16:29:12 navajo traefik[70417]: time="2020-11-07T16:29:12Z" level=info msg="Testing certificate renew..."
Nov 07 16:29:12 navajo traefik[70417]: time="2020-11-07T16:29:12Z" level=warning msg="A new release has been found: 2.3.2. Please consider updating."
Nov 08 16:29:12 navajo traefik[70417]: time="2020-11-08T16:29:12Z" level=info msg="Testing certificate renew..."
Nov 08 16:29:12 navajo traefik[70417]: time="2020-11-08T16:29:12Z" level=warning msg="A new release has been found: 2.3.2. Please consider updating."
Nov 09 16:29:12 navajo traefik[70417]: time="2020-11-09T16:29:12Z" level=info msg="Testing certificate renew..."

How can I resolve this?


Did you find a solution to this issue? I have the same problem on Google Cloud.

I have disabled HTTP traffic for the server. Can this be the cause of the issue?

Yes, HTTP is required (at least for the initial certificate, I’m not sure about renewal).

It is clear that HTTP is required for the initial certificate :)

Can anyone answer if it’s required for auto renewals as well?

Using the HTTP challenge, port 80 must be used for both first issue and renewal. If you switch to the TLS challenge, certificate requests will use 443.

More info from Let’s Encrypt, with various caveats.

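A monitoring check for the situation in this thread, as an added example that is not part of the original posts or of TLJH: it reads the validity dates of the certificate being served, applies the "a third of the lifetime left" renewal point from the quoted e-mail, and reports whether the challenge port (80 for the HTTP challenge, 443 for the TLS challenge) accepts connections. The function names and status strings are hypothetical, and the port test only reflects reachability from the machine it runs on, so run it from outside your firewall.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone


def fetch_validity(host, port=443, timeout=5.0):
    """Return (notBefore, notAfter) of the certificate the server presents."""
    ctx = ssl.create_default_context()  # raises if the cert is expired or untrusted
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()

    def to_dt(text):
        return datetime.fromtimestamp(ssl.cert_time_to_seconds(text), timezone.utc)

    return to_dt(cert["notBefore"]), to_dt(cert["notAfter"])


def port_open(host, port, timeout=5.0):
    """TCP reachability of the challenge port, as seen from this machine."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def assess(not_before, not_after, now, challenge_port_open):
    """Classify renewal health; renewal is due once a third of the lifetime is left."""
    lifetime = not_after - not_before
    remaining = not_after - now
    if remaining.total_seconds() <= 0:
        return "expired"
    if remaining > lifetime / 3:
        return "ok" if challenge_port_open else "ok-but-challenge-port-closed"
    # Inside the renewal window, yet the old certificate is still being served.
    return "renewal-overdue" if challenge_port_open else "renewal-blocked"


if __name__ == "__main__":
    host = sys.argv[1]  # public name of the hub
    # Pass 443 as the second argument when the TLS challenge is in use.
    challenge_port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
    nb, na = fetch_validity(host)
    status = assess(nb, na, datetime.now(timezone.utc), port_open(host, challenge_port))
    print(host, "expires", na.isoformat(), "->", status)
    sys.exit(0 if status == "ok" else 1)
```

Run from cron or a monitoring agent, a non-zero exit flags the "renewal-blocked" case described above before the expiry e-mail arrives.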