[Solved] Since system update, got SSL initialization failure

s-muller · September 1, 2019, 1:24pm

Hello,

I had a Blynk server running for several months.
Since the last system update, the Blynk server starts but malfunctions after generating the following exception:

Exception in thread “main” java.lang.RuntimeException: failed to initialize the server-side SSL context
at cc.blynk.server.SslContextHolder.initSslContext(SslContextHolder.java:137)
at cc.blynk.server.SslContextHolder.(SslContextHolder.java:83)
at cc.blynk.server.Holder.(Holder.java:156)
at cc.blynk.server.launcher.ServerLauncher.start(ServerLauncher.java:95)
at cc.blynk.server.launcher.ServerLauncher.main(ServerLauncher.java:73)

I do not know enough about Java to find the origin of this issue.
Does anyone have an idea why this exception thrown up?

Many thanks in advance

Steve

s-muller · September 1, 2019, 6:54pm

I read again the log file and I saw the following line:

20:57:05.171 INFO - Didn’t find Let’s Encrypt certificates.

However the certificates exist since the email server works as well as the web server.
Is it a java library that works differently or the Let’s encrypt root certificate that is problematic?

How can I track down the problem origin?

s-muller · September 3, 2019, 1:41pm

Is it possible that Let’s Encrypt certificates are no longer compatible with Java SSL sockets?

Indeed, if I put an expired certificate the server starts without any problem even if I can connect to it only by authorizing an exception.

I will explore on this side.

Dmitriy · September 3, 2019, 1:57pm

Hello. Very unlikely. What env. do you have? OS and Java version?

s-muller · September 3, 2019, 2:53pm

The environment is: Armbian

The OS is:

PRETTY_NAME=“Debian GNU/Linux 9 (stretch)”
NAME=“Debian GNU/Linux”
VERSION_ID=“9”
VERSION=“9 (stretch)”
ID=debian

The Java version is:

openjdk version “11.0.4” 2019-07-16
OpenJDK Runtime Environment (build 11.0.4+11-post-Debian-1bpo91)
OpenJDK Server VM (build 11.0.4+11-post-Debian-1bpo91, mixed mode)

However, I still find that an expired certificate does not generate the exception.

Dmitriy · September 3, 2019, 3:32pm

What exactly did you update?

s-muller · September 3, 2019, 4:00pm

The whole system but I am not longer sure that the problem comes from the update.
I initially thought it because it was correlated with this operation.
But I saw that the certificate was renewed at the same time.

Dmitriy · September 3, 2019, 4:22pm

Actually one of the Ubuntu version had an issue with certificates and Java 11. I can’t tell what exactly it was as I don’t remember. However, system update could be related. In my case only update to the latest Ubuntu version did the trick.

s-muller · September 3, 2019, 5:58pm

I downgrade to Java 8 and it works again.
It seems there is an issue in Java 11 SSL implementation
Thanks for this suggestion