I'm trying to deploy JupyterHub on a private Kubernetes cluster and want to setup the automatic HTTPS using letsencrypt. Based on the documents, I just need to provide host and email address, but everytime I try the url I'm getting this:
Your connection is not private
Attackers might be trying to steal your information from <my-domain> (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_AUTHORITY_INVALID
Subject: Kubernetes Ingress Controller Fake Certificate
Issuer: Kubernetes Ingress Controller Fake Certificate
Expires on: Feb 19, 2020
Current date: Feb 19, 2019
PEM encoded chain:
-----BEGIN CERTIFICATE-----
......
-----END CERTIFICATE-----
What does it mean? Any help is appreciated. Thanks,
To use the HTTPS option on JupyterHub, you need to ensure that you have your DNS entry for your domain pointed to your JupyterHub IP address before the deployment. On cloud providers, a simple hack is to start the JupyterHub without https, then add the external IP or CNAME of the jupyterhub service (seen on kubernetes) to your DNS record for your url. Then make a revision to your jupyterhub chart with the https option enabled, url and email set, then you should get the real certificate.
A more robust solution would be to either use load balancer offload (if your cloud provider support). Note that the "https:true" will create an nginx-ingress-controller, so this will create some issues if your cluster already has an ingress controller!