I installed the latest Jenkins version and i can not install any plugins, it fails everytime.
Error logs :
Caused: java.io.IOException: Failed to load https://updates.jenkins.io/download/plugins/bouncycastle-api/2.30.1.77-225.v26ea_c9455fd9/bouncycastle-api.hpi to C:\Users\hassan.benharouga\.jenkins\plugins\bouncycastle-api.jpi.tmp
at hudson.model.UpdateCenter$UpdateCenterConfiguration.download(UpdateCenter.java:1334)
Caused: java.io.IOException: Failed to download from https://updates.jenkins.io/download/plugins/bouncycastle-api/2.30.1.77-225.v26ea_c9455fd9/bouncycastle-api.hpi (redirected to: https://ftp.belnet.be/mirror/jenkins/plugins/bouncycastle-api/2.30.1.77-225.v26ea_c9455fd9/bouncycastle-api.hpi)
at hudson.model.UpdateCenter$UpdateCenterConfiguration.download(UpdateCenter.java:1368)
at hudson.model.UpdateCenter$DownloadJob._run(UpdateCenter.java:1925)
at hudson.model.UpdateCenter$InstallationJob._run(UpdateCenter.java:2237)
at hudson.model.UpdateCenter$DownloadJob.run(UpdateCenter.java:1899)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at hudson.remoting.AtmostOneThreadExecutor$Worker.run(AtmostOneThreadExecutor.java:121)
at java.base/java.lang.Thread.run(Thread.java:842)
The administrators at https://ftp.belnet.be have seen cases of repeated and non-stop downloads of the same set of files. That type of misuse is a waste of the bandwidth that they donate to the Jenkins project and to other open source projects. They’ve implemented a fail2ban rule that blocks IP addresses after a certain (large) number of repeated downloads within a time period.
I suspect that your IP address has been added to their deny list by fail2ban. You’ll need to identify why your IP address is repeatedly downloading the same files many times within a short period of time. Once you’ve identified the reason for repeated downloads of the same files within a short period of time, you’ll need to open an issue with the Jenkins help desk to ask for the help of the belnet administrators.
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:148)
at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:129)
at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
Caused: sun.security.validator.ValidatorException: PKIX path building failed
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
at java.base/sun.security.validator.Validator.validate(Validator.java:264)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335)
Caused: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:378)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:316)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1351)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1226)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1169)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:458)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1506)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1421)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:589)
at
The problem is linked to SSL certification, i tried to add the certification of https://updates.jenkins.io/current/update-center.json in my java cacerts, but it’s still not working im kinda lost, by the way im not using a proxy.
We’ve seen that message when users had an invasive network device between their computer and updates.jenkins.io . For example, something that intercepts all network traffic in order to inspect it. You might check for that.
We’ve seen that message when users were running a very, very old Java version (as far as I recall, older than any Java version currently supported by the Jenkins project). If you’re not running the current release of Java 21 (21.0.2), Java 17 (17.0.10), or Java 11 (11.0.22) then you should update to a current version of Java. If you’re running a Java version older than Java 11, then you should update to a currently supported version of Java.
When Jenkins downloads plugins it redirects you to the nearest mirror. And this mirror seems to be not accessible from your Jenkins as you run into a timeout.
