361.4 on Linux. I have an Nginx proxy using SSL. I'm trying to expose Jenkins via this SSL proxy. For this I have copied the SSL certificate and key of Nginx to /opt/certs/project.crt & /opt/certs/project.key. I have changed ownership to Jenkins. Now when I add the following command to /usr/lib/systemd/system/jenkins.service
[Service]
Type=notify
NotifyAccess=main
ExecStart=/usr/bin/jenkins --httpPort=-1 --httpsPort=8080 --httpsCertificate=/opt/certs/project.crt --httpsPrivateKey=/opt/certs/project.key
Restart=on-failure
SuccessExitStatus=143
Then I did systemctl daemon-reload & systemctl restart jenkins. I see the below error in the Jenkins logs.
Unrecognized option: --httpsCertificate=/opt/certs/project.crt
Also I tried the below without doing the above change; there I also get the same error message.
Environment="JENKINS_OPTS= --httpPort=-1 --httpsPort=8080 --httpsCertificate=/opt/certs/project.crt --httpsPrivateKey=/opt/certs/project.key"
I also imported the certificate into the JVM using the below (though not sure whether this is required).
<JAVA_HOME>/bin/keytool -importcert -alias <server_name> -keystore <JAVA_HOME>/lib/security/cacerts -file /opt/certs/project.crt
Hope someone can help me with this error message. Thank you.
CodePudding user response:
Based on the proposal [JENKINS-68694] Winstone 6.1: Upgrade Jetty from 9.4.46.v20220331 to 10.0.11, the flags --httpsPrivateKey and --httpsCertificate have been replaced with --httpsKeyStore and --httpsKeyStorePassword.
Fix
Update the certificate's format to use a keystore, for example using:
# Convert from PEM to P12
openssl pkcs12 -export -in project.crt -inkey project.key -out temp_cert.p12 -name "project_alias"
# Convert from P12 to JKS
# you'll get prompted for a new jks password, memorize it
keytool -importkeystore -srckeystore temp_cert.p12 -srcstoretype pkcs12 -destkeystore project.jks
# Set the alias (cert) password to the same as the jks password
keytool -keypasswd -alias project_alias -keystore project.jks
Finally, use the project.jks file and the jks password as follows:
ExecStart=/usr/bin/jenkins --httpPort=-1 --httpsPort=8080 --httpsKeyStore=/opt/certs/project.jks --httpsKeyStorePassword=JKS_PASSWORD
Further details can be found in this gist
Work around
Use an older Jenkins version, for example 2.362
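
The check below is an added example, not part of the original answer or of Jenkins itself: it scans a unit file or drop-in for the two replaced flags and, once the keystore options are in use, verifies that the keystore is closed to group and other and that an inline --httpsKeyStorePassword does not sit in a world-readable unit. The function name, finding labels and sample file are assumptions, and `stat -c` assumes GNU coreutils or BusyBox.

```shell
#!/bin/sh
# Added example, not from the original answer: audit a Jenkins systemd unit
# for the HTTPS options discussed above. Prints one finding per line and
# returns 1 if anything was flagged, 0 otherwise. Names are hypothetical.
audit_jenkins_unit() {
    unit=$1
    rc=0
    # Only ExecStart= and JENKINS_OPTS lines carry Winstone options.
    opts=$(grep -E '^[[:space:]]*(ExecStart=|Environment=.*JENKINS_OPTS=)' "$unit" || true)

    # Flags the answer says were replaced (JENKINS-68694).
    for flag in --httpsCertificate --httpsPrivateKey; do
        if printf '%s\n' "$opts" | grep -q -e "$flag="; then
            echo "REMOVED_FLAG $flag"; rc=1
        fi
    done

    # The keystore holds the private key: it must exist and grant nothing
    # to group or other (octal mode ending in 00).
    ks=$(printf '%s\n' "$opts" | sed -n 's/.*--httpsKeyStore=\([^ "]*\).*/\1/p' | head -n 1)
    if [ -n "$ks" ] && [ ! -f "$ks" ]; then
        echo "KEYSTORE_MISSING $ks"; rc=1
    elif [ -n "$ks" ]; then
        case $(stat -c %a "$ks") in
            *00|0) ;;
            *) echo "KEYSTORE_PERMS $ks"; rc=1 ;;
        esac
    fi

    # An inline keystore password can be read by every account that can
    # read the unit file, so flag units whose mode grants read to "other".
    if printf '%s\n' "$opts" | grep -q -e '--httpsKeyStorePassword='; then
        case $(stat -c %a "$unit") in
            *[4-7]) echo "PASSWORD_IN_WORLD_READABLE_UNIT $unit"; rc=1 ;;
        esac
    fi
    return "$rc"
}

# Constructed sample: the ExecStart line from the question, in a scratch file.
demo=$(mktemp)
printf '%s\n' '[Service]' 'ExecStart=/usr/bin/jenkins --httpPort=-1 --httpsPort=8080 --httpsCertificate=/opt/certs/project.crt --httpsPrivateKey=/opt/certs/project.key' > "$demo"
audit_jenkins_unit "$demo" || echo "unit needs changes"
rm -f "$demo"
```

Run it against /usr/lib/systemd/system/jenkins.service and any drop-in that sets JENKINS_OPTS before restarting the service.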