So I got into the letsencrypt-everything-train using letsencrypt. It’s really nice being able to add SSL to all my private and public domains, gives me the illusion of security, anyway, you are most likely here to know how to add your letsencrypt certificates to your iPython or Jupyter setup.
If you already have your letsencrypt certificate skip to step 3.
1. Clone letsencrypt from github
sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt sudo cd /opt/letsencrypt
Copy the generated certificates to a location your notebook server can access
2. generate a certificate for your domain, I love this one liner
./letsencrypt-auto certonly --standalone --email hi@perrohunter.com -d a.4ph.in
3. On your iPython/Jupyter configuration file you’d need to add the following lines
c.NotebookApp.certfile = u'/your/cert/path/cert.pem' c.NotebookApp.keyfile = u'/your/cert/path/privkey.pem'
Start your notebook server and voila.
Hope this is useful to you.
I tried this but first got a permissions error since jupyter wasn’t able to access the /etc/letsencrypt directory. Once I got that sorted it would start but still gives me a browser warning that it’s an untrusted site. Does your browser address bar turn green with this or stay red?
It should turn green, try moving the certificates to a folder the user running jupyter has access to
the only way this worked for me if I run jupyter notebook with sudo but that works.
This is something you should really be careful with. Giving the jupyter server access to your private key could compromise the rest of your security, especially if you follow your suggestion in this blog of using the root cert for the jupyter server.
It’s incorrect to use cert.pem – it’ll technically work, but the cert won’t be trusted fully.
> c.NotebookApp.certfile = u’/your/cert/path/cert.pem’ # c.NotebookApp.certfile = u’/your/cert/path/fullchain.pem’ # <– Correct
To see the difference, just put your notebook URL in an SSL certificate checker. You'll see that the latter configuration actually respects the SSL chain of trust.
Sorry the formatting got really weird there. I’ll try again:
Incorrect:
c.NotebookApp.certfile = u’/your/cert/path/cert.pem’
Correct:
c.NotebookApp.certfile = u’/your/cert/path/fullchain.pem’
Changing the ownership of the ssl files fixed it:
chown /home//certs/fullchain.pem
chown /home//certs/privkey.pem
If it is still doesn’t work, try:
https://www.symerio.com/blog/enable-ssl-in-flask-and-jupyter
Changing the ownership of the ssl files fixed it:
chown UserName /home/UserName/certs/fullchain.pem
chown UserName /home/UserName/certs/privkey.pem
If it is still doesn’t work, try:
https://www.symerio.com/blog/enable-ssl-in-flask-and-jupyter
v4niez