Plugin updates via UPM fail in Jira server

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community

Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Problem

In some cases, plugin updates via UPM fails and the following appears in the atlassian-jira.log

2017-10-17 15:32:19,181 UpmAsynchronousTaskManager:thread-3 ERROR admin 932x75x3 1b3k4i7 <IPaddress> /rest/plugins/1.0/ [c.a.u.c.r.resources.install.InstallFromUriTask] 
Error downloading plugin from https://marketplace.atlassian.com/download/plugins/com.atlassian.support.stp/version/3010042
2017-10-17 15:32:19,201 UpmAsynchronousTaskManager:thread-4 ERROR admin 932x79x2 1b3k4i7 <IPaddress> /rest/plugins/1.0/ [c.a.u.c.r.resources.install.InstallFromUriTask] 
Error downloading plugin from https://marketplace.atlassian.com/download/plugins/com.atlassian.support.stp/version/3010042

or 

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

or 

2020-04-03 15:05:29,632-0700 http-nio-8080-exec-30 WARN admin 905x5842x1 1b3k4i7 <IPaddress>,<IPaddress>,<IPaddress> /plugins/servlet/upm
 [c.a.upm.pac.PacClientImpl] Error when querying application info from MPAC: com.atlassian.marketplace.client.MpacException:
 javax.net.ssl.SSLPeerUnverifiedException: Certificate for <marketplace.atlassian.com> doesn't match any of the subject alternative names:
 [*.services.atlassian.com, services.atlassian.com]

or

Error when querying application info from MPAC: com.atlassian.marketplace.client.MpacException: javax.net.ssl.SSLException: hostname in certificate didn't match: <marketplace.atlassian.com> != <*.services.atlassian.com> OR <*.services.atlassian.com> OR <services.atlassian.com>
(info) These are just some scenarios and the solutions defined below are specifically for them.


Diagnosis

Environment

  • JIRA 6.x and 7.x

Diagnostic Steps

  • Check if you have added the -Djsse.enableSNIExtension=false parameter in setenv file (via $JIRA-INSTALL/bin)
  • Check if you have added a version of TLS protocol lower than TLSv1.2 which is the default for JDK8

Cause

The following JVM arguments is being applied to the JIRA instance

  • -Djsse.enableSNIExtension=false
  • -Djdk.tls.client.protocols=TLSv1
  • -Djdk.tls.client.protocols=TLSv1.1

Resolution

Remove -Djsse.enableSNIExtension=false and TLS protocol parameters lower than v1.2 via JIRA startup options, and restart the application.


Last modified on Nov 8, 2022

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.