We are trying to fix it for more than a week:
We have Jira Server (tomcat) on Linux (Debian 10) that runs behind nginx reverse proxy (SSL) on the same host.
Previously it was running on a Letsenrypt certificate with no issues. When the certificate expired, I got a new one and just replaced cert/key .pem files contents with newly received certificate details. So no paths or other conditions changed. Jira and Nginx should just continue using same files but with different contents.
But unfortunately after changin certt/key files content Jira service fails to start. However, nginx starts properly and uses the certificate as expected, so I can visit Jira homepage with no SSL errors, but get Bad Gateway as Jira doesn't work.
Checked Jira and systemd logs - nothing useful. attlassian-jira-log ends up 4 days ago and never includes any messages after that date, but in fact I was trying to start it dozens of time after that date, but can't see any log.
Systemd just tels that Jira is exited with the error code 1=failed.
I don't have an option to revert cert contents or the whole Jira server, so have to fix it.
1. Found that after getting a 3rd party cert, adding it to Tomcat is needed. Done, but no result:
2. So I thought to do the thing from scratch and generated a new Java keystore, then csr for it and then it's corresponding p.23 + specifying the keystore path in Tomcat's server.xml. Everything according to this: https://confluence.atlassian.com/adminjiraserver/running-jira-applications-over-ssl-or-https-938847764.html
The cert was signed and added to nginx properly, but Jira still doesn't start.
I've tried both to add and to remove the keystore path from server.xml. Previously the path wasnt specified and everything was working properly.
It's a big stress for us and we need to somehow fix it.
1. Where is the default java keystore (that Jira uses when no keystore is explicitly specified in server.xml) is located? I found Java home and it's keytool, but don't see any default JKS
2. Where else can Jira put it's error logs regarding problems that blocks the service from starting up? attlassian-jira-log, diganotics-log are not informative since the time Jira started to fail.
3. If chaging letsencrypt certs contents has broken Jira, How can I repeat the process from the beginnnng proprely?
4. Is it possible that SSL certs has broken Jira (nothing else was chaged: permissions, paths or whatever, it just started ot fail after the reboot) or I should investigate for a root cause further?
5. Is there a way to create and restore a backup of Jira Server (SeviceDesk, Software) Tomcat DB when Jira itseld is failed?
Thanks in advance
Hi Oleg and welcome to the community,
3) If you use nginx, then jira is just running without ssl and nginx is doing the ssl handling.
So normally, this shouldn't affect the jira instance
4) see 3
5) If you have backups, you can restore both DB, install directory, home directory.
I would suggest to try to start jira with a non SSL server.xml config to make sure that ssl is not causing this issue.
Hope this helps,
This morning, Atlassian announced the acquisition of ThinkTilt , the maker of ProForma, a no-code/low code form builder with 700+ customers worldwide. ThinkTilt helps IT empower any team in their or...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events