For instance with the ASM API update I get the following ERROR:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.base/java.security.cert.CertPathBuilder.build(Unknown Source)
Caused: sun.security.validator.ValidatorException: PKIX path building failed
at java.base/sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at java.base/sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at java.base/sun.security.validator.Validator.validate(Unknown Source)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
Caused: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(Unknown Source)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(Unknown Source)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(Unknown Source)
at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source)
at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
at java.base/sun.security.ssl.TransportContext.dispatch(Unknown Source)
at java.base/sun.security.ssl.SSLTransport.decode(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at java.base/sun.net.www.protocol.http.HttpURLConnection.followRedirect0(Unknown Source)
at java.base/sun.net.www.protocol.http.HttpURLConnection.followRedirect(Unknown Source)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
at hudson.model.UpdateCenter$UpdateCenterConfiguration.download(UpdateCenter.java:1323)
Caused: java.io.IOException: Failed to load https://updates.jenkins.io/download/plugins/asm-api/9.7.1-97.v4cc844130d97/asm-api.hpi to /var/jenkins_home/plugins/asm-api.jpi.tmp
at hudson.model.UpdateCenter$UpdateCenterConfiguration.download(UpdateCenter.java:1334)
Caused: java.io.IOException: Failed to download from https://updates.jenkins.io/download/plugins/asm-api/9.7.1-97.v4cc844130d97/asm-api.hpi (redirected to: https://ftp.belnet.be/mirror/jenkins/plugins/asm-api/9.7.1-97.v4cc844130d97/asm-api.hpi)
at hudson.model.UpdateCenter$UpdateCenterConfiguration.download(UpdateCenter.java:1368)
at hudson.model.UpdateCenter$DownloadJob._run(UpdateCenter.java:1925)
at hudson.model.UpdateCenter$InstallationJob._run(UpdateCenter.java:2237)
at hudson.model.UpdateCenter$DownloadJob.run(UpdateCenter.java:1899)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
at hudson.remoting.AtmostOneThreadExecutor$Worker.run(AtmostOneThreadExecutor.java:121)
at java.base/java.lang.Thread.run(Unknown Source)
Can you give me some tips?
Do you know how I can resolve this?
In the mean while I have installed version: Version 2.482 and tried the update of the plugins. Now it did upgrade the ASM API.
Only now it fails on the Credentials Version 1389.vd7a_b_f5fa_50a_2 plugin.
It gives the following ERROR:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.base/java.security.cert.CertPathBuilder.build(Unknown Source)
Caused: sun.security.validator.ValidatorException: PKIX path building failed
at java.base/sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at java.base/sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at java.base/sun.security.validator.Validator.validate(Unknown Source)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
Caused: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(Unknown Source)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(Unknown Source)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(Unknown Source)
at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source)
at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
at java.base/sun.security.ssl.TransportContext.dispatch(Unknown Source)
at java.base/sun.security.ssl.SSLTransport.decode(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at java.base/sun.net.www.protocol.http.HttpURLConnection.followRedirect0(Unknown Source)
at java.base/sun.net.www.protocol.http.HttpURLConnection.followRedirect(Unknown Source)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
at hudson.model.UpdateCenter$UpdateCenterConfiguration.download(UpdateCenter.java:1348)
Caused: java.io.IOException: Failed to load https://updates.jenkins.io/download/plugins/credentials/1389.vd7a_b_f5fa_50a_2/credentials.hpi to /var/jenkins_home/plugins/credentials.jpi.tmp
at hudson.model.UpdateCenter$UpdateCenterConfiguration.download(UpdateCenter.java:1363)
Caused: java.io.IOException: Failed to download from https://updates.jenkins.io/download/plugins/credentials/1389.vd7a_b_f5fa_50a_2/credentials.hpi → https://ftp.belnet.be/mirror/jenkins/plugins/credentials/1389.vd7a_b_f5fa_50a_2/credentials.hpi
at hudson.model.UpdateCenter$UpdateCenterConfiguration.download(UpdateCenter.java:1390)
at hudson.model.UpdateCenter$DownloadJob._run(UpdateCenter.java:2038)
at hudson.model.UpdateCenter$InstallationJob._run(UpdateCenter.java:2366)
at hudson.model.UpdateCenter$DownloadJob.run(UpdateCenter.java:2012)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
at hudson.remoting.AtmostOneThreadExecutor$Worker.run(AtmostOneThreadExecutor.java:121)
at java.base/java.lang.Thread.run(Unknown Source)
The error you’re encountering, sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target, seems to indicate that Jenkins is unable to establish a secure connection to the update site because it cannot validate the SSL certificate.
This is often due to missing or outdated CA certificates in the Java truststore.
Here are some steps that may help resolve this issue:
Make sure that your Java installation has the latest CA certificates. You can update the CA certificates by downloading the latest cacerts file or by updating your Java installation.
If the certificate is not recognized, you can manually add it to the Java truststore.
Use the keytool command to import the certificate into the Java truststore. keytool -import -alias jenkins-update-center -keystore $JAVA_HOME/lib/security/cacerts -file /path/to/downloaded/certificate.crt
You will be prompted for the keystore password, which is typically changeit by default.
@poddingue I find it strange that these certificates are not already integrated in the Docker container. Should the Docker container already have these certificates implemented standard?
I hope I have not have to do this again next time the plugins need to be updated. Let me see if I can contact the maintainer of the Docker container.
@poddingue I was unable to contact anybody to propose to update this in the Docker containers. Gitter is not configured for me to be able to establish contact. Perhaps you know about means of communication to a Docker image maintainer?