Jira SSL LetsEncrypt Not working

Benjamin Spence June 28, 2018

Hi, I seem to be having problems setting up SSL for my Jira site. I've followed articles but it doesn't appear to start up my Jira instance.

```
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
           maxHttpHeaderSize="8192" SSLEnabled="true"
           maxThreads="150" minSpareThreads="25"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" useBodyEncodingForURI="true"
           keyAlias="root" keystoreFile="/home/jira/jira.jks" keystorePass="mypasswordhere" keystoreType="JKS"/>
```

Articles I followed:

https://community.atlassian.com/t5/Jira-questions/HTTPs-for-JIRA-with-Letsencrypt/qaq-p/818083

Answer accepted

Timothy June 28, 2018

What is the error when you start your Jira instance?

Benjamin Spence June 29, 2018

```
29-Jun-2018 16:39:58.517 SEVERE [main] org.apache.catalina.core.StandardService.destroyInternal Failed to destroy connector [Connector[org.apache.coyote.http11.Http11Protocol-8443]]
org.apache.catalina.LifecycleException: Failed to destroy component [Connector[org.apache.coyote.http11.Http11Protocol-8443]]
	at org.apache.catalina.util.LifecycleBase.destroy(LifecycleBase.java:302)
	at org.apache.catalina.core.StandardService.destroyInternal(StandardService.java:571)
	at org.apache.catalina.util.LifecycleBase.destroy(LifecycleBase.java:297)
	at org.apache.catalina.core.StandardServer.destroyInternal(StandardServer.java:881)
	at org.apache.catalina.util.LifecycleBase.destroy(LifecycleBase.java:297)
	at org.apache.catalina.startup.Catalina.start(Catalina.java:659)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:355)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:495)
Caused by: org.apache.catalina.LifecycleException: Protocol handler destroy failed
	at org.apache.catalina.connector.Connector.destroyInternal(Connector.java:1008)
	at org.apache.catalina.util.LifecycleBase.destroy(LifecycleBase.java:297)
	... 11 more
Caused by: java.lang.NullPointerException
	at org.apache.catalina.connector.Connector.destroyInternal(Connector.java:1006)
	... 12 more
```

Timothy June 29, 2018

That's not the error message. That's the Tomcat shutting down.

Benjamin Spence June 30, 2018

So I've not really seen anything by way of error in the logs. Everything appears to start properly, the port is Listening, but it will not let me connect on https 8443. Oddly enough http 8443 works despite the SSL directives.

Benjamin Spence June 30, 2018

I've made some changes to my config that I saw in an article related to an issue on the SSLProtocols variable.

```
<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true" useBodyEncodingForURI="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslEnabledProtocols="TLSv1.2,TLSv1.3"
           keystoreFile="/home/jira/.keystore"
           keystorePass="MYPASSWORD"
           keyAlias="root"/>
```

Timothy June 30, 2018

You can post your whole server.xml here, which will help.

You can also try SSLPoke to test the connection.

Though, I personally prefer:

```
openssl s_client -connect <domain>:<port>
```

Benjamin Spence June 30, 2018

I just saw this error with my latest start up.

...I will try the SSL poke and post the full server.xml next. Thanks for the help.

```
2018-06-30 22:49:00,244 http-nio-8443-exec-4 ERROR anonymous 1369x4x1 - x.x.x.x /plugins/servlet/gadgets/dashboard-diagnostics [c.a.g.d.internal.diagnostics.DiagnosticsServlet] DIAGNOSTICS: FAILED
com.atlassian.gadgets.dashboard.internal.diagnostics.UrlSchemeMismatchException: Detected URL scheme, 'https', does not match expected scheme 'http'
	at com.atlassian.gadgets.dashboard.internal.diagnostics.Diagnostics.checkExpectedScheme(Diagnostics.java:52)
	at com.atlassian.gadgets.dashboard.internal.diagnostics.Diagnostics.check(Diagnostics.java:31)
	at com.atlassian.gadgets.dashboard.internal.diagnostics.DiagnosticsServlet.executeDiagnostics(DiagnosticsServlet.java:82)
	at com.atlassian.gadgets.dashboard.internal.diagnostics.DiagnosticsServlet.doPost(DiagnosticsServlet.java:58)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:648)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
	at com.atlassian.plugin.servlet.DelegatingPluginServlet.service(DelegatingPluginServlet.java:37)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
	at com.atlassian.plugin.servlet.ServletModuleContainerServlet.service(ServletModuleContainerServlet.java:45)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
	... 53 filtered
	at com.atlassian.web.servlet.plugin.request.RedirectInterceptingFilter.doFilter(RedirectInterceptingFilter.java:21)
	... 58 filtered
	at com.atlassian.jira.security.JiraSecurityFilter.lambda$doFilter$0(JiraSecurityFilter.java:66)
	... 1 filtered
	at com.atlassian.jira.security.JiraSecurityFilter.doFilter(JiraSecurityFilter.java:64)
	... 36 filtered
	at com.atlassian.jira.servermetrics.CorrelationIdPopulatorFilter.doFilter(CorrelationIdPopulatorFilter.java:30)
	... 10 filtered
	at com.atlassian.web.servlet.plugin.request.RedirectInterceptingFilter.doFilter(RedirectInterceptingFilter.java:21)
	... 4 filtered
	at com.atlassian.web.servlet.plugin.LocationCleanerFilter.doFilter(LocationCleanerFilter.java:36)
	... 26 filtered
	at com.atlassian.jira.servermetrics.MetricsCollectorFilter.doFilter(MetricsCollectorFilter.java:25)
	... 23 filtered
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:745)
30-Jun-2018 22:49:06.039 INFO [http-nio-8443-exec-6] org.apache.coyote.http11.Http11Processor.service Error parsing HTTP request header
 Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in method name. HTTP method names must be tokens
	at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:462)
	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:667)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:802)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1410)
	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:745)
```

Benjamin Spence June 30, 2018

Full server.xml..

```
<?xml version="1.0" encoding="utf-8"?>
<Server port="8005" shutdown="SHUTDOWN">
    <Listener className="org.apache.catalina.startup.VersionLoggerListener"/>
    <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
    <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
    <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
    <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>

    <Service name="Catalina">
        <Connector port="8080" maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
                   maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
                   acceptCount="100" disableUploadTimeout="true" bindOnInit="false"/>

        <Connector port="8443" maxHttpHeaderSize="8192" protocol="org.apache.coyote.http11.Http11NioProtocol"
                   maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
                   enableLookups="false" disableUploadTimeout="true" useBodyEncodingForURI="true"
                   acceptCount="100" scheme="https" secure="true"
                   clientAuth="false" sslEnabledProtocols="TLSv1.2,TLSv1.3"
                   keystoreFile="/home/jira/.keystore"
                   keystorePass="MYPASSWORD"
                   keyAlias="root"/>

        <Engine name="Catalina" defaultHost="localhost">
            <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">

                <Context path="" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">
                    <Resource name="UserTransaction" auth="Container" type="javax.transaction.UserTransaction"
                              factory="org.objectweb.jotm.UserTransactionFactory" jotm.timeout="60"/>
                    <Manager pathname=""/>
                    <JarScanner scanManifest="false"/>
                </Context>

            </Host>
            <Valve className="org.apache.catalina.valves.AccessLogValve"
                   pattern="%a %{jira.request.id}r %{jira.request.username}r %t &quot;%m %U%q %H&quot; %s %b %D &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; &quot;%{jira.request.assession.id}r&quot;"/>
        </Engine>
    </Service>
</Server>
```

Benjamin Spence June 30, 2018

Well that is definitely not good.

```
CONNECTED(00000005)
140735891502024:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.50.2/libressl/ssl/s23_clnt.c:565:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 318 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
---
```

Timothy June 30, 2018

sslEnabledProtocols? That's for Tomcat 5/6. You should take a look at the Connector tag again against your Jira and Tomcat version.

Benjamin Spence June 30, 2018

I'm running Jira 7.10.1, and it says Tomcat 8.5.6.

I put SSLEnabled according to this article. Should I just be using SSLProtocol="TLS"?

https://confluence.atlassian.com/adminjiraserver/running-jira-applications-over-ssl-or-https-938847764.html

Benjamin Spence June 30, 2018

.....figured it out. A couple of things I did wrong (and/or forgot). I removed the SSLEnabled=True for some reason along the way. The second was I had the key alias set to root, which after looking at my Confluence set up, I never defined. I saw a key exception error which led me down that path.. At any rate, SSL is working and I can now go have a beer. Thanks for your help sir!
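The two mistakes found above (SSLEnabled dropped from the connector, and a keyAlias that was never defined in the keystore) are easy to catch before restarting Jira. The following pre-flight check is an added example, not code from this thread or from Atlassian; the server.xml fragments and the alias set are constructed, and the alias set is assumed to be what `keytool -list` reported for the keystore.

```python
# Added pre-flight check (not from the thread or from Atlassian): parse a
# Tomcat server.xml and flag the HTTPS-connector mistakes this thread hit.
import xml.etree.ElementTree as ET


def check_https_connector(server_xml: str, keystore_aliases: set) -> list:
    """Return a list of problem strings for every connector meant to serve TLS.

    A connector counts as the HTTPS one if it has scheme="https",
    secure="true" or SSLEnabled="true". keystore_aliases is assumed to be the
    alias list from `keytool -list -keystore <keystoreFile>`.
    """
    problems = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        a = conn.attrib
        tls_intent = (a.get("scheme") == "https"
                      or a.get("secure", "").lower() == "true"
                      or a.get("SSLEnabled", "").lower() == "true")
        if not tls_intent:
            continue
        port = a.get("port", "?")
        # Without SSLEnabled="true" the port answers plain HTTP even though
        # scheme/secure say https; openssl s_client then reports "unknown protocol".
        if a.get("SSLEnabled", "").lower() != "true":
            problems.append(f'port {port}: SSLEnabled="true" is missing, port will speak plain HTTP')
        if a.get("scheme") != "https" or a.get("secure", "").lower() != "true":
            problems.append(f'port {port}: scheme="https" and secure="true" are both required')
        if not a.get("keystoreFile"):
            problems.append(f"port {port}: keystoreFile is not set")
        alias = a.get("keyAlias")
        # keyAlias must name an entry that actually exists in the keystore
        # (the thread's alias "root" had never been created).
        if alias and alias not in keystore_aliases:
            problems.append(f'port {port}: keyAlias="{alias}" not in keystore aliases {sorted(keystore_aliases)}')
    return problems


# Constructed inputs: the thread's connector (SSLEnabled dropped, keyAlias="root")
# and a corrected copy; the alias set stands in for keytool -list output.
BROKEN = """<Server><Service>
<Connector port="8443" scheme="https" secure="true" clientAuth="false"
  keystoreFile="/home/jira/.keystore" keystorePass="MYPASSWORD" keyAlias="root"/>
</Service></Server>"""
FIXED = (BROKEN.replace('secure="true"', 'secure="true" SSLEnabled="true"')
               .replace('keyAlias="root"', 'keyAlias="jira"'))
ALIASES = {"jira"}  # constructed: alias that keytool -list would show

if __name__ == "__main__":
    for name, xml in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_https_connector(xml, ALIASES) or "ok")
```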

Timothy July 1, 2018

No beer for me too? :D

Benjamin Spence July 1, 2018

hahah, definitely, cheers!
