Unable to install Jenkins Plugins

nehams · September 18, 2024, 7:23am

I have installed jdk-64bit 21.0.2_13 version and Jenkins LTS version 2.440.2 on Windows 11 setup.
From jenkins.err.log I could see below error:

2024-09-17 11:28:58.321+0000 [id=57] WARNING hudson.model.UpdateCenter#updateDefaultSite: Upgrading Jenkins. Failed to update the default Update Site ‘default’. Plugin upgrades may fail.
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:148)
at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:129)
at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:383)
Caused: sun.security.validator.ValidatorException: PKIX path building failed
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:388)
at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:271)
at java.base/sun.security.validator.Validator.validate(Validator.java:256)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:230)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:631)
Caused: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:130)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:378)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:316)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:647)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:467)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:363)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:393)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:476)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:447)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:201)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1506)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1421)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:586)
at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:187)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1675)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1599)
at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:223)
at hudson.model.DownloadService.loadJSON(DownloadService.java:122)
at hudson.model.UpdateSite.updateDirectlyNow(UpdateSite.java:218)
at hudson.model.UpdateSite.updateDirectlyNow(UpdateSite.java:213)
at hudson.model.UpdateCenter.updateDefaultSite(UpdateCenter.java:2699)
at jenkins.install.SetupWizard.init(SetupWizard.java:210)
at jenkins.install.InstallState$InitialSecuritySetup.initializeState(InstallState.java:182)
at jenkins.model.Jenkins.setInstallState(Jenkins.java:1143)
at jenkins.install.InstallUtil.proceedToNextStateFrom(InstallUtil.java:99)
at jenkins.install.InstallState$Unknown.initializeState(InstallState.java:88)
at jenkins.model.Jenkins$15.run(Jenkins.java:3578)
at org.jvnet.hudson.reactor.TaskGraphBuilder$TaskImpl.run(TaskGraphBuilder.java:177)
at org.jvnet.hudson.reactor.Reactor.runTask(Reactor.java:305)
at jenkins.model.Jenkins$5.runTask(Jenkins.java:1170)
at org.jvnet.hudson.reactor.Reactor$2.run(Reactor.java:221)
at org.jvnet.hudson.reactor.Reactor$Node.run(Reactor.java:120)
at jenkins.security.ImpersonatingExecutorService$1.run(ImpersonatingExecutorService.java:68)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
at java.base/java.lang.Thread.run(Thread.java:1583)
2024-09-17 11:28:58.322+0000 [id=75] INFO hudson.util.Retrier#start: The attempt #1 to do the action check updates server failed with an allowed exception:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I have tried all the possible solutions:

Manage Jenkins–>Plugins–> Advanced Settings
Updated site from https to http
and restarted Jenkins.

2.I have exported certificates from
https://updates.jenkins.io/update-center.json
Import the certificate into the JVM

following PKIX path building failed error message

Tried even setting below in java executable arguments in jenkins.xml
-Djenkins.model.Jenkins.slaveAgentPort=-1
-Dhudson.model.DownloadService.noSignatureCheck=true
-Dhudson.plugins.git.GitSCM.ALLOW_INVALID_SSL=true

None of these resolved the issue.

I tried installing same version of jdk and Jnkins on few other win 10 setup it worked. How to resolve this issue. Is it someting specific to PC environment?

poddingue · September 30, 2024, 9:41am

Hello and welcome to this community, @nehams.

The error you’re encountering seems to be related to SSL certificate validation.
It looks like the JVM is unable to find a valid certification path to the requested target, which is causing the PKIX path building failed error.
This issue can be specific to the environment or the configuration of the machine.

Here are some steps that could help troubleshoot and resolve the issue:

Check System Date and Time
- Ensure that the system date and time are correct. Incorrect date and time can cause SSL certificate validation to fail.
Import the Certificate into the JVM Truststore
- If you haven’t already, you can manually import the certificate into the JVM truststore.
  1. Export the Certificate:
    - Open the URL https://updates.jenkins.io/update-center.json in a browser.
    - Export the SSL certificate from the browser.
  2. Import the Certificate:
  - Use the keytool command to import the certificate into the JVM truststore.
  - keytool -import -alias jenkins-update-center -keystore "%JAVA_HOME%\lib\security\cacerts" -file path\to\exported\certificate.cer
  - The default password for the JVM truststore is changeit.

Topic		Replies	Views
Not able to update jenkins plugins Using Jenkins question	1	374	July 3, 2024
Unable to install plugins in jenkins Using Jenkins	1	673	September 18, 2024
Unable to install Jenkins Plugin after upgrading the jenkins version to 2.455 Using Jenkins question	1	283	May 6, 2024
Cannot install Jenkins plugins on Windows Ask a question	3	2119	December 6, 2022
Problems with plugin updates Using Jenkins question	2	2778	September 7, 2023

Unable to install Jenkins Plugins

Related topics