Confluence can't be accessed through the secure port - Protocol handler initialization failed

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform Notice: Server and Data Center Only - This article only applies to Atlassian products on the server and data center platforms.

Summary

After starting Confluence, the Java process is running at the OS level, but it can't be reached through the secure port (default: 8443).

Non-secure ports (default:8090) can be accessed without any issue.

Environment

Confluence Server running over SSL/HTTPS

Unix Operating System

Diagnosis

After starting Confluence, you can see the following messages on <confluence_install>/logs/catalina.out:

catalina.out
23-Jul-2020 02:56:55.409 SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[org.apache.coyote.http11.Http11Nio2Protocol-8443]]
 org.apache.catalina.LifecycleException: Protocol handler initialization failed
...
 Caused by: java.lang.IllegalArgumentException: /path/to/the/keystore-file/keystore.jks (Permission denied)
...
 Caused by: java.io.FileNotFoundException: /path/to/the/keystore-file/keystore.jks (Permission denied)

Cause

The user running Confluence, at the OS level, doesn't have permission to read the keystore file, that was specified in <confluence_install>/conf/server.xml:

server.xml
<Connector port="8443" maxHttpHeaderSize="8192"
    maxThreads="48" minSpareThreads="25"
    protocol="org.apache.coyote.http11.Http11Nio2Protocol"
    enableLookups="false" disableUploadTimeout="true"
    acceptCount="100" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2" SSLEnabled="true"
    URIEncoding="UTF-8" keystorePass="<password>"
    keystoreFile="/path/to/the/keystore-file/keystore.jks"/>

Solution

  1. Stop Confluence
  2. Check if the user that runs Confluence has permission to read the keystore file (we recommend you to use a dedicated user account to run Confluence)

    1. If necessary, you can change the permission by running the following commands:

      # Change the ownership of the keystore file to the user 'confluence' (not mandatory)
      $ sudo chown confluence /path/to/the/keystore-file/keystore.jks
      # Grant read permission to the owner of the file
      $ sudo chmod u=rwx,g=rx,o=rx /path/to/the/keystore-file/keystore.jks
  3. Start Confluence

Last modified on Jul 23, 2020

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.