Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Jira Server not updating SSL Certificate (behind Nginx w. conf files)

Michael Ilewicz
Michael Ilewicz
Contributor
October 1, 2021

Hello,

I have always struggled a little with the SSL setup for my Jira and confluence setup. After some time, I had it working but this morning, when I had to update my certificate after it expired I could not find a way to get it to work whatsoever. 

Let me briefly explain my setup. I am running Jira and Confluence on the same Virtual Machine behind Nginx. I have a trusted wildcard certificate from Godaddy. I have imported the certificate and made sure that Nginx is configured properly.

I am not even sure if I had properly configured Nginx, Jira, and confluence properly in the first place since I found the documentation for setting up these instances behind Nginx with SSL not very clear... Specifically, I am unsure about the server.xml, where I tried two approaches, namely connecting through http and through https, at least I believe that is what I did.

After running 

echo | openssl s_client -connect 127.0.0.1:443 | openssl x509 -noout -dates

I get a return 

140417772044736:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:332:
unable to load certificate
140200519320000:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
root@AtlassianServer:/etc/nginx# echo | openssl s_client -connect 127.0.0.1:443 | openssl x509 -noout -dates
depth=2 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
verify return:1
depth=1 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
verify return:1
depth=0 CN = *.mydomain.com
verify return:1
DONE
notBefore=Aug 31 05:22:48 2021 GMT
notAfter=Sep 30 17:30:55 2022 GMT

 Which I believe would mean that Nginx is exposing my new certificate properly since it is expiring a year from now.

However, checking using this tool https://www.ssllabs.com/ssltest/analyze.html with jira.mydomain.com I am shown the old certificate which has expired recently. The same thing happens when I try to open my site the regular way.

Of course, I have restarted Jira and Nginx as well as the whole VM plenty of times...

I have uploaded the configuration files I believe to be relevant to github.

I checked the Nginx and Jira configuration several times but could not find my mistake. Some hints would be greatly appreciated!!!

Answer
Watch
Like Be the first to like this
962 views

1 answer

1 accepted

0 votes
Answer accepted
Michael Ilewicz
Michael Ilewicz
Contributor
October 1, 2021

turns out that the vnet running in front of the VM had to whitelist the new certificate. I am now able to create a secure connection however, now I am getting 

502 - Web server received an invalid response while acting as a gateway or proxy server.

on both jira and confluence which is weird because I never touched any of the configurations for confluence...

also both application are accessible via localhost:portnumber as specified in the server.xml files

View More Comments
Michael Ilewicz
Michael Ilewicz
Contributor
October 2, 2021

resolved it, there was another place in the vnet that had to be configured for the new certificate... 

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
DEPLOYMENT TYPE
SERVER
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.