Update certificate without restart jupyterhub service

ytdHuang · January 23, 2024, 1:45am

Hi,
In our case, we need our JupyterHub server (we are using v2.2.2) keep running.
I set up the certification within jupyterhub_config.py

c.JupyterHub.ssl_key = '/path/to/my.key'
c.JupyterHub.ssl_cert = '/path/to/my.cert'

and use certbot to create and auto-renew the certification:

sudo certbot certonly --standalone

However, after a few weeks, the website shows that the certification is outdated, and this can be fixed after I restart the jupyterhub service.
I checked the log of crontab, it indeed auto-renew the certification, but seems that jupyterhub service didn’t auto renew it?

Is there a way for jupyterhub to update the certificate without restarting the service?
Or did I missed some other settings?

mahendrapaipuri · January 23, 2024, 10:01am

I dont think you can update the certificate without restart JupyterHub. One thing you can do is to configure TLS on a reverse proxy like nginx and reload nginx service everytime you update the certificate.

Another option is to use traefik proxy instead of configurable-http-proxy. The docs of traefik proxy show how to renew TLS certs automatically using Let’s Encrypt.

ytdHuang · February 1, 2024, 1:54am

Thank you for the solution. I’ve tried the reverse proxy by nginx and it works fine.

Topic		Replies	Views
SSL certificates not renewed with TLJH The Littlest JupyterHub how-to , help-wanted	4	1078	March 18, 2022
TLJH on ec2, letsencrypt didn't renew, and now I can't get it [resolved] JupyterHub	1	591	September 15, 2020
TLJH Let's encrypt https renewal problem JupyterHub	2	768	July 7, 2020
Unable to combine recreate_internal_ssl=False with external_ssl_authorities JupyterHub help-wanted	0	420	September 22, 2021
Letsencrypt certificate verification failed after 09/30/2021 JupyterHub	3	724	October 29, 2021

Update certificate without restart jupyterhub service

Related Topics