- Jenkins fails on startup with the following stack trace:
SEVERE: Container startup failed java.io.IOException: Failed to start a listener: winstone.HttpsConnectorFactory at winstone.Launcher.spawnListener(Launcher.java:209) at winstone.Launcher.<init>(Launcher.java:149) at winstone.Launcher.main(Launcher.java:354) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at Main._main(Main.java:293) at Main.main(Main.java:98) Caused by: java.lang.NoClassDefFoundError: sun/security/x509/CertAndKeyGen at winstone.HttpsConnectorFactory.start(HttpsConnectorFactory.java:100) at winstone.Launcher.spawnListener(Launcher.java:207) ... 8 more Caused by: java.lang.ClassNotFoundException: sun.security.x509.CertAndKeyGen [...]
- Jenkins startup logs show:
WARNING: Creating a self-signed certificate currently relies on unsupported APIs in the Oracle JRE. Please create your own certificate using supported tools instead and use --httpsKeyStore.
- CloudBees CI (CloudBees Core)
- CloudBees CI (CloudBees Core) on modern cloud platforms - Managed Master
- CloudBees CI (CloudBees Core) on modern cloud platforms - Operations Center
- CloudBees CI (CloudBees Core) on traditional platforms - Client Master
- CloudBees CI (CloudBees Core) on traditional platforms - Operations Center
- CloudBees Jenkins Platform - Client Master
- CloudBees Jenkins Platform - Operations Center
- CloudBees Jenkins Distribution
- Jenkins LTS
- JDK 8+
- Open JDK 1.7.0_111
This is an issue related to the auto-generation of self-signed certificate carried out by the Jetty Winstone container. This feature fails with JDK 8+ as well as with the latest version of Open JDK 7. For more information, have a look at JENKINS-25333.
The problem occurs only if you use
-httpsPort without providing a keystore or a certificate. In that case Jenkins tries to run with an auto-generated self-signed certificate.
Although the issue is fixed since Jenkins 2.38, the auto-generation of self-signed certificate currently relies on unsupported APIs and is deprecated.
The recommended solution is to generate a custom key and certificate and provide the keystore like described in the following article How to setup HTTPS within Jetty
Another solution is to manage HTTPS with a reverse proxy, see Reverse proxy configuration.