Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Automatic HTTPS setting doesn't work #345

Closed
lucas-mior opened this issue May 23, 2019 · 4 comments
Closed

Automatic HTTPS setting doesn't work #345

lucas-mior opened this issue May 23, 2019 · 4 comments
Labels
support Support questions (should be on discourse.jupyter.org instead)

Comments

@lucas-mior
Copy link

lucas-mior commented May 23, 2019
edited by consideRatio
Loading

I currently have a server running JupyterHub and when I set automatic https with Let's Encrypt and reloaded proxy, and access JupyterHub, it says the certificate is not valid.
My config.yaml:

user:
    admin:
    - xxxxx
https:
    enabled: true
    letsencrypt:
        email: xxxxx@gmail.com
        domains:
        - xxxxxxx
@lachlancampbell
Copy link

I've had this sporadically as well, but I believe its a LetsEncrypt problem rather than a TLJH problem. Sometimes the domain check just fails, and I haven't been able to figure out why. See below for logs from a previous instance:

May 14 05:01:30 ansible-instance python3[18826]: [E 2019-05-14 05:01:30.204 JupyterHub proxy:102] Error checking traefik api for backend /
May 14 05:01:30 ansible-instance python3[18826]: Traceback (most recent call last):
May 14 05:01:30 ansible-instance python3[18826]: File "/opt/tljh/hub/lib/python3.6/site-packages/jupyterhub_traefik_proxy/proxy.py", line 99, in _check_for_traefik_endpoint
May 14 05:01:30 ansible-instance python3[18826]: resp = await self._traefik_api_request(path)
May 14 05:01:30 ansible-instance python3[18826]: File "/opt/tljh/hub/lib/python3.6/site-packages/jupyterhub_traefik_proxy/proxy.py", line 142, in _traefik_api_request
May 14 05:01:30 ansible-instance python3[18826]: auth_password=self.traefik_api_password,
May 14 05:01:30 ansible-instance python3[18826]: ConnectionRefusedError: [Errno 111] Connection refused
...
May 14 05:01:43 ansible-instance traefik[18819]: time="2019-05-14T05:01:43Z" level=error msg="Unable to obtain ACME certificate for domains "tljh.myddns.rocks" : unable to generate a certificate for the domains [tljh.myddns.rocks]: acme: Error -> One or more domains had a problem:\n[tljh.myddns.rocks] acme: Error 400 - urn:ietf:params:acme:error:connection - Fetching http://tljh.myddns.rocks/.well-known/acme-challenge/Paf3ua17jTCO4ixn34Oj2oSyriuTeTewOTBv35ts9Tg: Timeout during connect (likely firewall problem)\n"

@yuvipanda yuvipanda added the support Support questions (should be on discourse.jupyter.org instead) label May 24, 2019
@efedorov-dart
Copy link

The same issue.

@anthmapper
Copy link

anthmapper commented Jun 28, 2019
edited
Loading

I guess that's the same issue:
#115

i actually found a "workaround", and posted it in that thread ;)

@consideRatio consideRatio mentioned this issue Oct 22, 2021
Open
5 tasks
@consideRatio
Copy link
Member

I'm closing this in favor of #726 which is about adding documentation to help users setup HTTPS more reliably without failing. Also note that Traefik relies on LEGO - a library to acquire HTTPS certificates via the ACME negotiation protocol. Both traefik and LEGO has fixed various bugs over time with regards to this, and I know using a more modern version of Traefik has solved some challenges in the past.

The latest traefik v1 version is v1.7.33, and TLJH now installs 1.7.18. I opened #727 to make us bump it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
support Support questions (should be on discourse.jupyter.org instead)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@yuvipanda @consideRatio @lachlancampbell @anthmapper @efedorov-dart @lucas-mior