SSL Key Ownership

Issue:
After receiving renewal notice from Let’s Encrypt for Jupyter server, go to the virtual machine hosting Jupyter and renew the key successfully. But cannot login to the jupyter notebook from https.

Solution:

  1. Remove the symbolic link of privkey.pem under
    /etc/letsencrypt/live/[mydomain]/privkey.pem
  2. recreate the symbolic link with the dedicated user running Jupyter notebook.

Tricks:

  • As the jupyter server is run by the ownership of a dedicated user, after the renewal, the private key, i.e. privkey.pem must be owned by this user. However, I run the command:
    certbot renew

    under root.

  • note that let’s encrypt command for CentOS 6 is quite different from CentOS7

Config:

  • OS: CentOS 7
  • Jupyter-notebook: 5.7.8

Leave a Reply