Jira doesn't start after changing the SSL certificate

We have been trying to fix this for more than a week:

 

We have Jira Server (Tomcat) on Linux (Debian 10) that runs behind an nginx reverse proxy (SSL) on the same host.

Previously it was running on a Let's Encrypt certificate with no issues. When the certificate expired, I got a new one and just replaced the contents of the cert/key .pem files with the newly received certificate details. So no paths or other conditions changed. Jira and nginx should just continue using the same files but with different contents.

But unfortunately, after changing the cert/key files' contents, the Jira service fails to start. However, nginx starts properly and uses the certificate as expected, so I can visit the Jira homepage with no SSL errors, but get Bad Gateway as Jira doesn't work.

Checked Jira and systemd logs - nothing useful. atlassian-jira-log ends 4 days ago and never includes any messages after that date, but in fact I was trying to start it dozens of times after that date, but can't see any log.

Systemd just tells that Jira exited with the error code 1=failed.
I don't have an option to revert cert contents or the whole Jira server, so have to fix it.

1. Found that after getting a 3rd party cert, adding it to Tomcat is needed. Done, but no result:

https://confluence.atlassian.com/kb/how-to-import-an-existing-ssl-certificate-for-use-in-tomcat-838412853.html

2. So I thought to do the thing from scratch and generated a new Java keystore, then a CSR for it and then its corresponding p.23 + specifying the keystore path in Tomcat's server.xml. Everything according to this: https://confluence.atlassian.com/adminjiraserver/running-jira-applications-over-ssl-or-https-938847764.html

The cert was signed and added to nginx properly, but Jira still doesn't start.
I've tried both to add and to remove the keystore path from server.xml. Previously the path wasn't specified and everything was working properly.

It's a big stress for us and we need to somehow fix it.

Questions:

1. Where is the default Java keystore (that Jira uses when no keystore is explicitly specified in server.xml) located? I found Java home and its keytool, but don't see any default JKS.

2. Where else can Jira put its error logs regarding problems that block the service from starting up? atlassian-jira-log and diagnostics-log have not been informative since the time Jira started to fail.

3. If changing the Let's Encrypt certs' contents has broken Jira, how can I repeat the process from the beginning properly?

4. Is it possible that the SSL certs have broken Jira (nothing else was changed: permissions, paths or whatever, it just started to fail after the reboot) or should I investigate for a root cause further?

5. Is there a way to create and restore a backup of the Jira Server (ServiceDesk, Software) Tomcat DB when Jira itself has failed?

 

Thanks in advance

1 answer

1 accepted

1 vote
Answer accepted
Laurens Coppens Community Leader Mar 24, 2021

Hi Oleg and welcome to the community,

 

1) /opt/atlassian/jira/jre/lib/security/cacerts

2) /opt/atlassian/jira/logs

/jirahomedirectory/log

3) If you use nginx, then Jira is just running without SSL and nginx is doing the SSL handling.

So normally, this shouldn't affect the Jira instance.

4) see 3

5) If you have backups, you can restore both DB, install directory, home directory.

 

I would suggest trying to start Jira with a non-SSL server.xml config to make sure that SSL is not causing this issue.

 

Hope this helps,

Laurens
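
To act on the suggestion of a non-SSL `server.xml`, it helps to list which Tomcat connectors still terminate TLS themselves and whether the keystore files they reference exist. The following is an added example, not part of the original answer or Atlassian tooling; the sample `server.xml`, the hostname `jira.example.com` and the keystore path are constructed for illustration.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample: one plain HTTP connector for the nginx proxy and one
# Tomcat-terminated TLS connector left over from an earlier attempt.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               proxyName="jira.example.com" proxyPort="443"
               scheme="https" secure="true"/>
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="/nonexistent/jira.jks"/>
  </Service>
</Server>"""


def audit_connectors(server_xml_text):
    """Return one dict per <Connector>, describing who terminates TLS."""
    root = ET.fromstring(server_xml_text)
    report = []
    for conn in root.iter("Connector"):
        a = conn.attrib
        # A keystore may be set on the connector or on a nested <Certificate>.
        keystores = [a["keystoreFile"]] if "keystoreFile" in a else []
        keystores += [c.attrib["certificateKeystoreFile"]
                      for c in conn.iter("Certificate")
                      if "certificateKeystoreFile" in c.attrib]
        tls_in_tomcat = (a.get("SSLEnabled", "false").lower() == "true"
                         or bool(keystores))
        report.append({
            "port": a.get("port"),
            "tls_in_tomcat": tls_in_tomcat,
            # A proxied plain-HTTP connector advertises the public name/port.
            "behind_proxy": not tls_in_tomcat and "proxyName" in a,
            "missing_keystores": [k for k in keystores
                                  if not os.path.isfile(k)],
        })
    return report


if __name__ == "__main__":
    for entry in audit_connectors(SAMPLE_SERVER_XML):
        print(entry)
```

Run against the install's own `server.xml`, a connector reported with `tls_in_tomcat: True` is the one to comment out when nginx is the only TLS endpoint.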
