Not able to use a certificate to allow HTTPS for the webserver #3869

Closed
Jeremys556 opened this issue Nov 29, 2024 · 4 comments

@Jeremys556

Describe the issue

I was attempting to set up the certificate for the webserver but it keeps telling me the certificate password is wrong. After the first attempt, I recreated it with no passes as said in the wiki, then I recreated it with the pass "123", which didn't work, then I tried not using the pass option like the wiki says and manually entering "123", which also didn't work. Plan was reloaded between attempts and all other settings were changed properly.

Exceptions & Other Logs

Exception Log

02bfbb85ec - Last occurred: 2024-11-29 Occurrences: 3
---- Context 3 ----
Plan v5.6 build 2883
Paper git-Paper-794 (MC: 1.16.5)
Server v1.16.5-R0.1-SNAPSHOT

Make sure the Certificate settings are correct / You can try remaking the keystore without -passin or -passout parameters.

---- Context 2 ----
Plan v5.6 build 2883
Paper git-Paper-794 (MC: 1.16.5)
Server v1.16.5-R0.1-SNAPSHOT

Make sure the Certificate settings are correct / You can try remaking the keystore without -passin or -passout parameters.

---- Context 1 ----
Plan v5.6 build 2883
Paper git-Paper-794 (MC: 1.16.5)
Server v1.16.5-R0.1-SNAPSHOT

Make sure the Certificate settings are correct / You can try remaking the keystore without -passin or -passout parameters.

---- Stacktrace ----
java.io.IOException: keystore password was incorrect
   java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2117)
   java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:222)
   java.base/java.security.KeyStore.load(KeyStore.java:1479)
   com.djrapitops.plan.delivery.webserver.http.JettyWebserver.verifyAliasIsInKeystore(JettyWebserver.java:231)
   com.djrapitops.plan.delivery.webserver.http.JettyWebserver.getSslContextFactory(JettyWebserver.java:212)
   com.djrapitops.plan.delivery.webserver.http.JettyWebserver.enable(JettyWebserver.java:85)
   com.djrapitops.plan.delivery.webserver.WebServerSystem.enable(WebServerSystem.java:59)
   com.djrapitops.plan.PlanSystem.enableSystems(PlanSystem.java:181)
   com.djrapitops.plan.PlanSystem.enableOtherThanCommands(PlanSystem.java:138)
   com.djrapitops.plan.PlanSystem.enable(PlanSystem.java:176)
   com.djrapitops.plan.Plan.onEnable(Plan.java:94)
   com.djrapitops.plan.commands.subcommands.PluginStatusCommands.lambda$onReload$0(PluginStatusCommands.java:76)
   java.base/java.lang.Thread.run(Thread.java:829)
Caused by:
java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
   java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2117)
   java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:222)
   java.base/java.security.KeyStore.load(KeyStore.java:1479)
   com.djrapitops.plan.delivery.webserver.http.JettyWebserver.verifyAliasIsInKeystore(JettyWebserver.java:231)
   com.djrapitops.plan.delivery.webserver.http.JettyWebserver.getSslContextFactory(JettyWebserver.java:212)
   com.djrapitops.plan.delivery.webserver.http.JettyWebserver.enable(JettyWebserver.java:85)
   com.djrapitops.plan.delivery.webserver.WebServerSystem.enable(WebServerSystem.java:59)
   com.djrapitops.plan.PlanSystem.enableSystems(PlanSystem.java:181)
   com.djrapitops.plan.PlanSystem.enableOtherThanCommands(PlanSystem.java:138)
   com.djrapitops.plan.PlanSystem.enable(PlanSystem.java:176)
   com.djrapitops.plan.Plan.onEnable(Plan.java:94)
   com.djrapitops.plan.commands.subcommands.PluginStatusCommands.lambda$onReload$0(PluginStatusCommands.java:76)
   java.base/java.lang.Thread.run(Thread.java:829)

What was logged in console upon reloading the plugin (specifically what was logged on the most recent attempt, which was the last attempt described in the describe the issue section)

plan reload
[01:42:59] [Plan Reload Thread/INFO]: Processing complete.
[01:42:59] [Plan Reload Thread/INFO]: Waiting for unfinished transactions to avoid data loss..
[01:42:59] [Plan Reload Thread/INFO]: Transaction queue closed.
[01:42:59] [Plan Reload Thread/INFO]: Waiting queries to finish to avoid SQLite crashing JVM..
[01:42:59] [Plan Reload Thread/INFO]: Closed SQLite connection.
[01:42:59] [Plan Reload Thread/INFO]: Player Analytics Disabled.
[01:42:59] [Plan Reload Thread/INFO]: [Plan] ?2
[01:42:59] [Plan Reload Thread/INFO]: [Plan] ?2           ???
[01:42:59] [Plan Reload Thread/INFO]: [Plan] ?2     ???   ???
[01:42:59] [Plan Reload Thread/INFO]: [Plan] ?2  ????????????  ?2Player Analytics
[01:42:59] [Plan Reload Thread/INFO]: [Plan] ?2  ????????????  ?fv5.6 build 2883
[01:42:59] [Plan Reload Thread/INFO]: [Plan] ?2
[01:42:59] [Plan Reload Thread/INFO]: Locale: 'English' by AuroraLS3
[01:42:59] [Plan Reload Thread/INFO]: Downloading SQLite Driver, this may take a while...
[01:43:00] [Craft Scheduler Thread - 26/INFO]: You're using the latest version.
[01:43:00] [Plan SQLiteDB-transaction-thread-1/INFO]: Database: Making sure schema is up to date..
[01:43:00] [Plan Reload Thread/INFO]: SQLite-database connection established.
[01:43:00] [Plan Reload Thread/ERROR]: Ran into IOException: keystore password was incorrect - logged to plugins/Plan/logs/IOException-02bfbb85ec.txt
[01:43:00] [Plan Reload Thread/ERROR]: (INCLUDE CONTENTS OF THE FILE IN ANY REPORTS)
[01:43:00] [Plan Reload Thread/ERROR]: What to do: Make sure the Certificate settings are correct / You can try remaking the keystore without -passin or -passout parameters.
[01:43:00] [Plan Reload Thread/INFO]: WebServer: No Certificate -> Using HTTP-server for Visualization.
[01:43:00] [Plan Reload Thread/INFO]: WebServer: User Authorization Disabled! (Not secure over HTTP)
[01:43:00] [Plan SQLiteDB-transaction-thread-1/INFO]: All database patches applied successfully.
[01:43:00] [Plan Reload Thread/INFO]: Webserver running on PORT 8187 ( [REDACTED] )
[01:43:00] [Plan Reload Thread/INFO]: Loading server identifying information
[01:43:00] [Plan Reload Thread/INFO]: Server identifier loaded: [REDACTED]
[01:43:00] [Plan Non critical-pool-3/WARN]: Downloading GeoLite2 requires accepting GeoLite2 EULA - see 'Data_gathering.Accept_GeoLite2_EULA' in the config.
[01:43:00] [Plan Non critical-pool-3/ERROR]: Failed to enable geolocation.
[01:43:00] [Plan Reload Thread/INFO]: Registered extension: Essentials
[01:43:00] [Plan Reload Thread/INFO]: Registered extension: EssentialsEco
[01:43:00] [Plan Reload Thread/INFO]: Registered extension: LuckPerms
[01:43:00] [Plan Reload Thread/INFO]: Registered extension: PlaceholderAPI
[01:43:00] [Plan Reload Thread/INFO]: Registered extension: Economy (Vault)
[01:43:00] [Plan Reload Thread/INFO]: Registered extension: Permission Groups (Vault)
[01:43:00] [Plan Reload Thread/INFO]: Player Analytics Enabled.
[01:43:00] [Plan Reload Thread/INFO]: ?aReload Complete
[01:43:00] [Server thread/INFO]: Successfully registered expansion: plan [5.6 build 2883]

Relevant config section

    Security:
        SSL_certificate:
            KeyStore_path: pkcs(4).p12
            Key_pass: 123
            Store_pass: 123
            Alias: rblockcert4
        # HTTPS is required for Login.
        Disable_authentication: false
        # Disable /auth/register endpoint
        Disable_registration: false

Plugin versions

Plan version: 5.6 build 2883

Additional information

Minecraft Version: 1.16.5

If I missed anything let me know please! I tried to add as much info as possible.

@Jeremys556 Jeremys556 added the Bug Issues that contain unintended behavior label Nov 29, 2024
@AuroraLS3
Collaborator

When it says keystore pass is incorrect, the -passout password and Store_pass don't match.

Make sure you didn't include the {} around the password, e.g. -passout 123 instead of -passout {123}

@Jeremys556
Author

I did not include the {}, and I ran several attempts to make sure that the password is actually correct. I can guarantee that I typed the exact same password for both fields prompted in the cmd line tool and typed the same passwords into the config file.

@AuroraLS3
Collaborator

Could you send the command that you used? And did you use Windows or Linux to execute?

Did you try removing the \ in the example? Those sometimes cause trouble.

Also did you create the empty p12 file with the command specified in the tutorial? (Just making sure) - using an FTP client to create the file can make it a text file that fails to be written to

Also is the password 123 or something more complicated? Using a $ in bash might interpret it as start of a variable rather than a $-character

@AuroraLS3 AuroraLS3 added note: Misconfiguration and removed Bug Issues that contain unintended behavior labels Dec 1, 2024
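
The `$` pitfall raised in the comment above, as an added example that is not from the issue thread or the Plan wiki: a keystore is created with the password the shell actually delivers for a double-quoted `"pa$word"`, and both candidate `Store_pass` values are then checked against it. The function names, alias, subject and passwords are constructed for illustration, and `openssl` is assumed to be on the PATH.

```bash
#!/bin/sh
# Added example. The key, certificate, alias and passwords are constructed
# throwaway values; the function names are hypothetical.

# What a keystore password typed as -passout "pa$word" really becomes:
# inside double quotes the shell expands $word (normally unset) first.
password_after_double_quotes() (
    unset word
    printf '%s' "pa$word"          # yields: pa
)

# Create a PKCS#12 file ($1) protected by password ($2) under alias ($3).
# The password is handed over with env:, so it is not re-parsed by the
# shell and does not show up in the process list.
make_test_p12() (
    dir=$(mktemp -d) || exit 1
    trap 'rm -rf "$dir"' EXIT
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=example.invalid" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" >/dev/null 2>&1 || exit 1
    P12_NEW_PASS=$2 openssl pkcs12 -export -name "$3" \
        -inkey "$dir/key.pem" -in "$dir/cert.pem" -out "$1" \
        -passout env:P12_NEW_PASS >/dev/null 2>&1
)

# Exit status 0 only if password ($2) opens keystore ($1). The value that
# passes this check is the one that has to go into Store_pass.
p12_password_ok() {
    P12_CHECK_PASS=$2 openssl pkcs12 -in "$1" -noout \
        -passin env:P12_CHECK_PASS </dev/null >/dev/null 2>&1
}

# Compare the password the operator meant with the one the shell delivered.
demo() {
    work=$(mktemp -d) || return 1
    make_test_p12 "$work/demo.p12" "$(password_after_double_quotes)" demoalias \
        || { rm -rf "$work"; return 1; }
    for candidate in 'pa$word' 'pa'; do
        if p12_password_ok "$work/demo.p12" "$candidate"; then
            echo "Store_pass '$candidate': opens the keystore"
        else
            echo "Store_pass '$candidate': rejected"
        fi
    done
    rm -rf "$work"
}
demo
```

Running `p12_password_ok` against the real `.p12` with the configured `Store_pass` separates a password mismatch from a problem on the Java side before the plugin is reloaded.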
@Jeremys556
Author

Was not a misconfig -- kept the exact same config & pkcs file and updated my server to 1.21 and it worked flawlessly. It simply seems that PLAN bugs out when the server is an older version. Closing the ticket as this has been solved (for me at least).
