How to use letsencrypt certificates in Jupyter and IPython

jupyter-sq-textSo I got into the letsencrypt-everything-train using letsencrypt. It’s really nice being able to add SSL to all my private and public domains, gives me the illusion of security, anyway, you are most likely here to know how to add your letsencrypt certificates to your iPython or Jupyter setup.

If you already have your letsencrypt certificate skip to step 3.

1. Clone letsencrypt from github

sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
sudo cd /opt/letsencrypt

Copy the generated certificates to a location your notebook server can access

2. generate a certificate for your domain, I love this one liner

./letsencrypt-auto certonly --standalone --email hi@perrohunter.com -d a.4ph.in

3. On your iPython/Jupyter configuration file you’d need to add the following lines

c.NotebookApp.certfile = u'/your/cert/path/cert.pem'
c.NotebookApp.keyfile = u'/your/cert/path/privkey.pem'

Start your notebook server and voila.

Hope this is useful to you.

9 thoughts on “How to use letsencrypt certificates in Jupyter and IPython

  1. I tried this but first got a permissions error since jupyter wasn’t able to access the /etc/letsencrypt directory. Once I got that sorted it would start but still gives me a browser warning that it’s an untrusted site. Does your browser address bar turn green with this or stay red?

    • It should turn green, try moving the certificates to a folder the user running jupyter has access to

  2. This is something you should really be careful with. Giving the jupyter server access to your private key could compromise the rest of your security, especially if you follow your suggestion in this blog of using the root cert for the jupyter server.

  3. It’s incorrect to use cert.pem – it’ll technically work, but the cert won’t be trusted fully.

    > c.NotebookApp.certfile = u’/your/cert/path/cert.pem’ # c.NotebookApp.certfile = u’/your/cert/path/fullchain.pem’ # <– Correct

    To see the difference, just put your notebook URL in an SSL certificate checker. You'll see that the latter configuration actually respects the SSL chain of trust.

    • Sorry the formatting got really weird there. I’ll try again:

      Incorrect:

      c.NotebookApp.certfile = u’/your/cert/path/cert.pem’

      Correct:

      c.NotebookApp.certfile = u’/your/cert/path/fullchain.pem’

Leave a Reply

Your email address will not be published. Required fields are marked *