I'm posting this up because a considerable amount of time was wasted running off on a wild goose chase tracking down what we believed was a network communications issue when it was actually completely unrelated to network communications. Techincally this isn't a question, but rather a bit of knowledge that will hopefully spare another systems engineer the trouble of tracking down this problem.
When attempting to import repositories from a repository over HTTPS (SSL), the error "Unable to reach server" is shown. When examining the atlassian-bitbucket.log on the server, there is no indication of any exception being thrown.
While the vague error "Unable to reach server" suggests a network problem, the actual problem is that your local Java trust store does not contain the issuing Certification Authority certificate for the SSL certificat in use on your repository server. You can verify this by using the SSLPoke Java class provided by Atlassian (where source-server-fqdn is the fully qualified domain name of your source repository server):
java SSLPoke <source-server-fqdn> 443
If Java does not trust the certificate authority that issued your source server's certificate, you'll an exception similar to the following:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target.
Acquire the Certification Authority's CA that issued your source server's SSL certificate and import it into the Java CA trust store.
keytool -import -alias <desired-alias> -file /path/to/certificate.crt -keystore /path/to/java/cacerts
Once the certificate is imported, retry the SSLPoke test. If it works, restart the Bitbucket server.
Because this is probably a bug and I can't actually submit a report for it to Atlassian, below is some information on my Bitbucket server at the time this problem was found and resolved:
Bitbucket Version: 4.11.0
Host OS Version: CentOS 7.2.1511 (Kernel 3.10.0-327.36.3.el7.x86_64)
Java JDK Version: 1.8.0u112 x64
Brilliant report, I'm sure many people will find this helpful.
Another solution is to upgrade your Java version, since that sometimes brings in new ca authority certs. For example, Java only started trusting "Let's Encrypt" sites as of Java 8u101 (July, 2016).
p.s. I invite people to try my add-on: Bit-Booster for Bitbucket Server
Hello! My name is Mark Askew and I am a Premier Support Engineer for products Bitbucket Server/Data Center, Fisheye & Crucible. Today, I want to bring the discussion that Jennifer, Matt, and ...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs