TeamCity java agent can't connect to Letsencrypt enrypted endpoint even with Java keystore trusting full chain


#1

Hello. We’ve moved our TeamCity instance to Let’sEncrypt certs and its working great. Except for the fact that our CentOS based build agent still throws SSL handshake error like this:

[2016-11-23 20:11:42,228] INFO - buildServer.AGENT.registration - Registration using ‘xml-rpc’ failed: jetbrains.buildServer.xmlrpc.RemoteCallException: Call ‘https://tc.radacode.net/RPC2’, method ‘buildServer.registerAgent3’ failed: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

There is an SSLPing test java app available to test access to host from Java (https://github.com/dimalinux/SSLPing.git), and it confirms it can connect just fine.

I am sure build agent is using the same Java as set up in the system. What could be the reason for such behaviour of the build agent code.


#2

Fixed it. JAVA_HOME was not set to an updated version of Java that was being used.


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.