lib: Use ssl config to access default error target

Fixes usage of self-signed certs with JupyterHub with CHP.
Original issue here:
jupyterhub/zero-to-jupyterhub-k8s#1742 (comment)

Author: chancez

lib/configproxy.js

@@ -421,7 +421,6 @@ class ConfigurableProxy extends EventEmitter {
     // custom error server gets `/CODE?url=/escapedUrl/`, e.g.
     // /404?url=%2Fuser%2Ffoo
 
-    var proxy = this;
     var errMsg = "";
     this.statsd.increment("requests." + code, 1);
     if (e) {
@@ -439,16 +438,31 @@ class ConfigurableProxy extends EventEmitter {
     }
     this.log.error("%s %s %s %s", code, req.method, req.url, errMsg);
     if (!res) {
+      this.log.debug("Socket error, no response to send");
       // socket-level error, no response to build
       return;
     }
     if (this.errorTarget) {
       var urlSpec = URL.parse(this.errorTarget);
+      // error request is $errorTarget/$code?url=$requestUrl
       urlSpec.search = "?" + querystring.encode({ url: req.url });
       urlSpec.pathname = urlSpec.pathname + code.toString();
       var secure = /https/gi.test(urlSpec.protocol) ? true : false;
       var url = URL.format(urlSpec);
-      var errorRequest = (secure ? https : http).request(url, function (upstream) {
+      this.log.debug("Requesting custom error page: %s", urlSpec.format());
+
+      // construct request target from urlSpec
+      var target = URL.parse(url);
+      target.method = "GET";
+
+      // add client SSL config if error target is using https
+      if (secure && this.options.clientSsl) {
+        target.key = this.options.clientSsl.key;
+        target.cert = this.options.clientSsl.cert;
+        target.ca = this.options.clientSsl.ca;
+      }
+
+      var errorRequest = (secure ? https : http).request(target, function (upstream) {
         ["content-type", "content-encoding"].map(function (key) {
           if (!upstream.headers[key]) return;
           if (res.setHeader) res.setHeader(key, upstream.headers[key]);