Jira service not running with HTTPS

CastleByte November 24, 2017

I am having an issue with getting Jira to run over HTTPS. Every time I add a signed key store into the Jira configuration tool it is able to see the certificate and all of the information is right, but when I reboot the service it will never start, it just gives an error saying the service started and then stopped. If I turn it to just HTTP it works normally. The certificate I have was created with Portecle and signed by Let's Encrypt. This was working with 7.2, but after installing 7.5 this continues to happen. I have created a new virtual machine with a clean install of Windows and fully configured Jira, MySQL, and created the certificate by following the Atlassian documentation. I am not sure what else to do or why it isn't working with the certificate. 

3 answers

0 votes
CastleByte December 5, 2017

Well after going through the logs and doing some more research I figured out the issue!

 

https://confluence.atlassian.com/display/ACCESSIBILITY/JIRA+upgrade+fails+due+to+using+old+SSL+Connector+org.apache.coyote.http11.Http11Protocol

 

I had the wrong connector in the server.xml file. Whenever I run the configuration tool for HTTPS it changes it back though, but at least I know how to fix it. 

 

I will look into the reverse proxy as well, thanks!

louisdj
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
December 5, 2017

Good to hear you found the solution. If you need any assistance with the reverse proxy, let me know.

0 votes
louisdj
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
December 5, 2017

Personally, I can recommend using a reverse proxy. The config is easier to setup and more stable with updating JIRA. 

You can read the documentation for Integrating JIRA with Nginx if you need more information.

0 votes
Eduard M
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 27, 2017

Hello,

Please go over the following steps and let us know the output:


1) What is the installation directory for the JAVA VM running JIRA? You will need to locate the cacerts file.
2) Back up the original cacerts file
3) Generate the list of certificates in the cacerts file before applying any changes
keytool -list -keystore cacerts -v > cacerts_orig_cert_list.out
4) Import the public certificate into the cacerts file
keytool -import -alias your_domain_com -keystore /usr/java/latest/jre/lib/security/cacerts -file my.certificate.domain.com.crt

CastleByte November 29, 2017

I was able to import the keystore and it said it completed successfully, but the same issue is occurring. The service will start when set to HTTP only, but when HTTPS is selected it won't run. 

Eduard M
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
November 29, 2017

OK, let's take a look at the atlassian-jira.log in the jira home logs folder. There should be some error there related to the certificate. You should also try starting jira with the bin/start-jira.bat rather than the service as that may behave slightly differently due to how Windows service permissions work.

Suggest an answer

Log in or Sign up to answer