• Icon: Bug Bug
    • Resolution: Won't Fix
    • Icon: Critical Critical
    • core
    • None

      Unable to update or install plugins, no new security configurations made in our network layer.

      was working fine until last week.

       

      sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source) at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source) at java.security.cert.CertPathBuilder.build(Unknown Source) Caused: sun.security.validator.ValidatorException: PKIX path building failed at sun.security.validator.PKIXValidator.doBuild(Unknown Source) at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) at sun.security.validator.Validator.validate(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) Caused: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alert.createSSLException(Unknown Source) at sun.security.ssl.TransportContext.fatal(Unknown Source) at sun.security.ssl.TransportContext.fatal(Unknown Source) at sun.security.ssl.TransportContext.fatal(Unknown Source) at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(Unknown Source) at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(Unknown Source) at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(Unknown Source) at sun.security.ssl.SSLHandshake.consume(Unknown Source) at sun.security.ssl.HandshakeContext.dispatch(Unknown Source) at sun.security.ssl.HandshakeContext.dispatch(Unknown Source) at sun.security.ssl.TransportContext.dispatch(Unknown Source) at sun.security.ssl.SSLTransport.decode(Unknown Source) at sun.security.ssl.SSLSocketImpl.decode(Unknown Source) at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source) at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.followRedirect0(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.followRedirect(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getHeaderField(Unknown Source) at java.net.URLConnection.getHeaderFieldLong(Unknown Source) at java.net.URLConnection.getContentLengthLong(Unknown Source) at java.net.URLConnection.getContentLength(Unknown Source) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getContentLength(Unknown Source) at hudson.model.UpdateCenter$UpdateCenterConfiguration.download(UpdateCenter.java:1242) Caused: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source) at java.lang.reflect.Constructor.newInstance(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection$10.run(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection$10.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at sun.net.www.protocol.http.HttpURLConnection.getChainedException(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source) at hudson.model.UpdateCenter$UpdateCenterConfiguration.download(UpdateCenter.java:1258) Caused: java.io.IOException: Failed to load https://updates.jenkins.io/download/plugins/git/4.4.0/git.hpi to C:\Jenkins\plugins\git.jpi.tmp at hudson.model.UpdateCenter$UpdateCenterConfiguration.download(UpdateCenter.java:1265) Caused: java.io.IOException: Failed to download from https://updates.jenkins.io/download/plugins/git/4.4.0/git.hpi (redirected to: https://get.jenkins.io/plugins/git/4.4.0/git.hpi) at hudson.model.UpdateCenter$UpdateCenterConfiguration.download(UpdateCenter.java:1299) at hudson.model.UpdateCenter$DownloadJob._run(UpdateCenter.java:1847) at hudson.model.UpdateCenter$InstallationJob._run(UpdateCenter.java:2125) at hudson.model.UpdateCenter$DownloadJob.run(UpdateCenter.java:1821) at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source) at java.util.concurrent.FutureTask.run(Unknown Source) at hudson.remoting.AtmostOneThreadExecutor$Worker.run(AtmostOneThreadExecutor.java:111) at java.lang.Thread.run(Unknown Source)

       

          [JENKINS-63515] Unable to update or install plugins

          Tim Jacomb added a comment -

          This is caused by out of date java installations not being able to handle let's encrypt certificates. Update your java version and / or trust store.

          Tim Jacomb added a comment - This is caused by out of date java installations not being able to handle let's encrypt certificates. Update your java version and / or trust store.

          Laksh Parab added a comment - - edited

          I am having the same issue on Windows machine. So suggestion is to upgrade Java.

          Currently I am using java version "1.8.0_66". Because of new license agreement by Oracle, JRE is not free anymore. We cannot download the latest 8 version.

          How do I get version  jdk1.8.0_261 ? 

          I tried downloading Open JDK, but the latest Open JDK version 8 I can download is  openjdk version "1.8.0_41"  which looks older than my current version 1.8.0_66

           

          Laksh Parab added a comment - - edited I am having the same issue on Windows machine. So suggestion is to upgrade Java. Currently I am using java version "1.8.0_66" . Because of new license agreement by Oracle, JRE is not free anymore. We cannot download the latest 8 version. How do I get version   jdk1.8.0_261 ?   I tried downloading Open JDK, but the latest Open JDK version 8 I can download is  openjdk version "1.8.0_41"   which looks older than my current version  1.8.0_66  

          Mark Waite added a comment -

          laksh see https://adoptopenjdk.net/ to download a current Java version for Windows or Linux or PowerPC or s390x.

          Mark Waite added a comment - laksh see https://adoptopenjdk.net/ to download a current Java version for Windows or Linux or PowerPC or s390x.

          I am having the same issue on Windows machine.

          Currently I am using Jenkins 2.235.2 along with java version "1.8.0_202". I tried to use version 1.8.0_261 and 1.8.0_271 still facing the same issue. 

           

          Any idea ? 

           

          Nilesh Pardeshi added a comment - I am having the same issue on Windows machine. Currently I am using Jenkins 2.235.2 along with java version "1.8.0_202".  I tried to use version 1.8.0_261 and 1.8.0_271 still facing the same issue.    Any idea ?   

          Sebastian Willdo added a comment - - edited

          Same error on Jenkins 2.270 with jdk: jdk1.8.0_271 (update site: https://updates.jenkins.io/update-center.json)

          Sebastian Willdo added a comment - - edited Same error on Jenkins 2.270 with jdk: jdk1.8.0_271 (update site: https://updates.jenkins.io/update-center.json )

          Tim Jacomb added a comment -

          0k00l

          > This is caused by out of date java installations not being able to handle let's encrypt certificates. Update your java version and / or trust store.

          Tim Jacomb added a comment - 0k00l > This is caused by out of date java installations not being able to handle let's encrypt certificates. Update your java version and / or trust store.

          timja I've already updated jdk to 1.8.0_271 and it doesn't work. Which java version should i use then?
          I've also tried to add all Lets encrypt certs ... same error - cannot download plugins

          Sebastian Willdo added a comment - timja I've already updated jdk to 1.8.0_271 and it doesn't work. Which java version should i use then? I've also tried to add all Lets encrypt certs ... same error - cannot download plugins

          Tim Jacomb added a comment -

          What operating system are you on?

          Some users upgraded to java 11 and that was the easiest fix for them

          Tim Jacomb added a comment - What operating system are you on? Some users upgraded to java 11 and that was the easiest fix for them

          timja Linux (RedHat) - will try with 11

          Sebastian Willdo added a comment - timja Linux (RedHat) - will try with 11

          timja Got it - it was our proxy fault(one of our admins change certificate for it and tell no one ). Thank you . Problem solved.

          Sebastian Willdo added a comment - timja Got it - it was our proxy fault(one of our admins change certificate for it and tell no one ). Thank you . Problem solved.

            Unassigned Unassigned
            manish940 Maneesh Vadlapatla
            Votes:
            16 Vote for this issue
            Watchers:
            22 Start watching this issue

              Created:
              Updated:
              Resolved: