Manual Certificate Setup. SSLError: peer did not return a certificate


#1

Hi,

I have used letsencrypt certonly to generate a certificate for my server. I want to use the certificate with ipython notebook, which can be configured to serve “notebooks” that are publicly accessible.

Using a self-signed certificate “worked” fine (except for the exceptions generated when accessing the site, that you have to override). I wanted to set up a proper certificate so I can access the notebook via https correctly (hence using letsencrypt).

There are some configuration settings for ipython notebook: a setting for the certificate (set path to cert.pem), the key (set path to privkey.pem), and the certificate authority (set path to fullchain.pem).

This works partially—you can start up the ipython notebook server no problem, but when you try to access the site there is a log from ipython notebook as follows:

[W 02:10:10.128 NotebookApp] SSL Error on 8 ('xxx.xxx.xxx.xxx', 49338): [SSL:PEER_DID_NOT_RETURN_A_CERTIFICATE] peer did not return a certificate (_ssl.c:590)
[E 02:10:10.129 NotebookApp] Uncaught exception

I am new to setting up certificates. Can anybody help me out here? What is causing the error? Or where to from here?

Thanks very much

Rob P.


#2

Change the cert to fullchain.pem and get rid of the CA setting (in any case that should be chain.pem, not fullchain.pem); that setting is for checking client certs, which is probably not what you want to be doing.


#3

Unless I’m mistaken, the SSL error you got indicates that the server expected the client to authenticate itself.

How exactly did you start the Notebook server? Did you use the --client-ca option? If so, you may have misunderstood the purpose of that option—you should not set it to the path of the fullchain.pem file as returned by Let’s Encrypt.


#4

Thank you to both cool110 and gouttegd.

Yes, I was using the --client-ca option (with fullchain.pem) which is obviously completely wrong. I removed this, replaced the certificate with fullchain.pem, and everything is now hunky dory.

Clearly, I’m kind of a dufus at this https lark, but never mind, it’s working now.
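A pre-flight check for the three settings discussed in this thread, added here as an example and not written by any of the posters or taken from the notebook project. The function names are hypothetical, the PEM files are constructed placeholders (structure only, no real key material), and the client-CA finding encodes the behaviour described in replies #2 and #3.

```python
import re
import tempfile
from pathlib import Path

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")

def pem_labels(path):
    """Return the PEM block labels found in a file, in order."""
    return PEM_BLOCK.findall(Path(path).read_text())

def check_tls_settings(certfile, keyfile, client_ca=None):
    """Return a list of findings for certfile/keyfile/client_ca settings."""
    findings = []
    certs = [l for l in pem_labels(certfile) if l == "CERTIFICATE"]
    if not certs:
        findings.append("certfile: no certificate found")
    elif len(certs) == 1:
        # Reply #2: serve fullchain.pem (leaf plus intermediates), not cert.pem.
        findings.append("certfile: leaf only, no intermediates; use fullchain.pem")
    if not any(l.endswith("PRIVATE KEY") for l in pem_labels(keyfile)):
        findings.append("keyfile: no private key found")
    if client_ca is not None:
        # Assumption from replies #2 and #3: a client CA makes the server
        # demand a certificate from every browser that connects.
        findings.append("client_ca: set, clients must present a certificate")
    return findings

def fake_pem(label, count=1):
    """Constructed placeholder PEM text; not a real certificate or key."""
    block = f"-----BEGIN {label}-----\nCONSTRUCTED\n-----END {label}-----\n"
    return block * count

def demo():
    """Check the thread's original settings and the corrected ones."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "cert.pem").write_text(fake_pem("CERTIFICATE"))
        (d / "fullchain.pem").write_text(fake_pem("CERTIFICATE", 2))
        (d / "privkey.pem").write_text(fake_pem("PRIVATE KEY"))
        original = check_tls_settings(
            d / "cert.pem", d / "privkey.pem", client_ca=d / "fullchain.pem")
        corrected = check_tls_settings(d / "fullchain.pem", d / "privkey.pem")
    return original, corrected

if __name__ == "__main__":
    for name, result in zip(("original", "corrected"), demo()):
        print(name, result or "OK")
```
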

