TLJH | Need some help with setting up https and letsencrypt

Jasper2_0 · November 25, 2021, 9:46pm

Hi, I’m hoping there’s someone who can help me out with setting up https for my TLJH server. I’m on an Azure Ubuntu 18.04 VM.

I followed the instructions for setting up HTTPS with LetsEncrypt.

Here’s the relevant part of my config:

https:
  enabled: true
  letsencrypt:
    email: me@domain.site
    domains:
    - subdomain.domain.site

However when I try to acces TLJH in the browser I now get an invalid certificate error (NET::ERR_CERT_AUTHORITY_INVALID to be specific) and it seems like TLJH wasn’t able to connect with LetsEncrypt. I followed the troubleshooting guide and I found the following error in the traefik logs:

Nov 25 21:24:24 machine traefik[16073]: time="2021-11-25T21:24:24Z" level=error msg="Unable to obtain ACME certificate for domains \"subdomain.domain.site\" : unable to generate a certificate for the domains [subdomain.domain.site]: error: one or more domains had a problem:\n[subdomain.domain.site] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: During secondary validation: Invalid response from https://reverbchannel-hub.aced.site/.well-known/acme-challenge/JBKmXNaFunO33ZOz2hcUyR5RmzwGlq3nMEC0MRRWwMI [2a03:3c00:a002:202::1000]: 
\"\\n<!DOCTYPE HTML PUBLIC \\\"-//IETF//DTD HTML 2.0//EN\\\">\\n<html><head>\\n<title>500 Internal Server Error</title>\\n</head><body>\\n<h1>Inte\"

But now I am somewhat lost as to how to fix this. Any thoughts or ideas?

flo.beyer · November 30, 2021, 10:29am

Hi @Jasper2_0,

after I had some problems with lets encrypt I switched to the manual setup. Once you know how to do it, it is done quickly.

I set up my subdomain and then my provider also offers to create certificate and private key for the subdomain.
You then get two files that you copy to the virtual machine.

After that you only had to enter the following commands (replace the paths) and reload the hub:

sudo tljh-config set https.enabled true
sudo tljh-config set https.tls.key /etc/mycerts/mydomain.key
sudo tljh-config set https.tls.cert /etc/mycerts/mydomain.cert
sudo tljh-config reload proxy
sudo tljh-config reload hub`

Afterwards lets show the new settings:

sudo tljh-config show

Output:

https:
  enabled: true
  tls:
    key: /etc/mycerts/mydomain.key
    cert: /etc/mycerts/mydomain.cert

SOURCE

Jasper2-0 · June 7, 2022, 7:57pm

A bit of a belated response, but after moving to a different TLD and going through the setup procedure another time, it worked like a charm.

Topic		Replies	Views
Problems with TLJH HTTPS / SSL problems JupyterHub jupyterhub	2	449	June 6, 2020
TLJH on ec2, letsencrypt didn't renew, and now I can't get it [resolved] JupyterHub	1	571	September 15, 2020
Trouble getting HTTPS / letsencrypt working with 0.9.0-beta.4 JupyterHub	11	2652	February 25, 2022
Connection is not secure with automatic HTTPS JupyterHub	3	778	August 3, 2021
TLJH Let's encrypt https renewal problem JupyterHub	2	752	July 7, 2020

TLJH | Need some help with setting up https and letsencrypt

Related Topics