Jupyter on EC2: SSL Error

Question

I'm trying to serve a Jupyter notebook from EC2 but I'm getting an SSL error. I'm using this AMI: TensorFlow GPU - @nottombrown (ami-8ed4d0e4). I used a self-signed certificate and that might be part of the problem.

I've looked at several other SO posts that have a similar error such as this, this and this, but they're getting the error in a quite different context and I can't figure out how to get the solutions (such as setting verify=False) to work for me.

[E 15:52:44.954 NotebookApp] Exception in callback (<socket._socketobject object at 0x7f5f993dad00>, <function null_wrapper at 0x7f5f99319758>)
    Traceback (most recent call last):
      File "/usr/local/lib/python2.7/dist-packages/tornado/ioloop.py", line 883, in start
        handler_func(fd_obj, events)
      File "/usr/local/lib/python2.7/dist-packages/tornado/stack_context.py", line 275, in null_wrapper
        return fn(*args, **kwargs)
      File "/usr/local/lib/python2.7/dist-packages/tornado/netutil.py", line 274, in accept_handler
        callback(connection, address)
      File "/usr/local/lib/python2.7/dist-packages/tornado/tcpserver.py", line 239, in _handle_connection
        do_handshake_on_connect=False)
      File "/usr/local/lib/python2.7/dist-packages/tornado/netutil.py", line 521, in ssl_wrap_socket
        return ssl.wrap_socket(socket, **dict(context, **kwargs))
      File "/usr/lib/python2.7/ssl.py", line 487, in wrap_socket
        ciphers=ciphers)
      File "/usr/lib/python2.7/ssl.py", line 241, in __init__
        ciphers)
    SSLError: [Errno 336265225] _ssl.c:355: error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib

Answer 1

Try to add https:// to force web browser to use HTTPS-connection.

I got:

[W 08:25:56.148 NotebookApp] SSL Error on 9 ('<jupyter-server-ip>', 62862): [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:590)

because Chrome tried to use HTTP connection. When using

https://<jupyter-server-ip> 

it finally works :)

Answer 2

This error means that the SSL certificate can't be found.

If you haven't yet created an SSL certificate:

Create one by typing the following into the command line (starting at your home directory):

$ mkdir certs
$ cd certs
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem

(from these instructions)

Now that you have an SSL certificate:

You need to tell Jupyter where to find it.

Take a look at jupyter_notebook_config.py if you have one (or generate one using jupyter notebook --generate-config).

Make sure that you have the following line:

c.NotebookApp.certfile = u'/home/ubuntu/certs/mycert.pem' #location of your certificate file

(see the Jupyter Notebook docs)

and make sure that your self-signed SSL certificate is actually at that location. A common mistake is to mix up certs with .certs for example. A mistake like this will result in Jupyter not being able to find your SSL certificate and that'll result in the error that you're getting.

Answer 3

I found out that the permission issue is occurring because the mycert.pem file has only root permissions

drwxrwxr-x 2 ubuntu ubuntu 4096 Mar 20 12:22 .
drwxr-xr-x 9 ubuntu ubuntu 4096 Mar 20 12:09 ..
-rw------- 1 root   root   2949 Mar 20 12:22 mycert.pem

I could not run jupyter notebook as root therefore i chowned the permissions

sudo chown ubuntu:ubuntu mycert.pem

this solved the issue

Answer 4

I had a the same error while running jupyter notebook as a public server with a self-signed cert under Unbuntu 14.4. In my case, the problem was due to an error in the jupyter_notebook_config.py file. I had incorrectly set c.NotebookApp.client_ca = u'/../mycert.pem'. Commenting this line out solved the problem.

Answer 5

This error comes because to two reasons:

1. Certificate Issue

$ mkdir certs
$ cd certs
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mycert.pem -out mycert.pem

2. Wrong http(s) call.

   • https://ec2-ip:8888 | use https

   • To get ec2-ip curl http://checkip.amazonaws.com