Update certificate without restart jupyterhub service

In our case, we need our JupyterHub server (we are using v2.2.2) keep running.
I set up the certification within jupyterhub_config.py

c.JupyterHub.ssl_key = '/path/to/my.key'
c.JupyterHub.ssl_cert = '/path/to/my.cert'

and use certbot to create and auto-renew the certification:

sudo certbot certonly --standalone

However, after a few weeks, the website shows that the certification is outdated, and this can be fixed after I restart the jupyterhub service.
I checked the log of crontab, it indeed auto-renew the certification, but seems that jupyterhub service didn’t auto renew it?

Is there a way for jupyterhub to update the certificate without restarting the service?
Or did I missed some other settings?

I dont think you can update the certificate without restart JupyterHub. One thing you can do is to configure TLS on a reverse proxy like nginx and reload nginx service everytime you update the certificate.

Another option is to use traefik proxy instead of configurable-http-proxy. The docs of traefik proxy show how to renew TLS certs automatically using Let’s Encrypt.

1 Like

Thank you for the solution. I’ve tried the reverse proxy by nginx and it works fine.

1 Like