[MC-143768] Not able to use server resource pack with Let's Encrypt certificate

When using an URL for a server resource pack that points to a web server using a Let's Encrypt certificate the client fails to download the pack. (Stuck at 100% and sending failed resource pack status packet)

Only happens when using the bundled Java runtime which seems to be the 2015 released update 51, error does not happen with the most recent update 201 (seeing as the old version was released before Let's Encrypted being a thing I suspect that version 51 does not include their root certificate in the key/trust store so updating the bundled version or relying on the certificates by the installed java/OS if available could be possible solutions for this issue)

The actual stacktrace is attached.

Edit: I just noticed that I forget to actually provide an example URL that causes this issue: https://cdn.moep.tv/files/Empty.zip

Attachments

pack-error.txt

Comments 11

marcono1234 2019-02-07T21:52:54Z

Stuck at 100%

Could you create a separate report for this please?

John Rockefeller 2019-02-19T00:13:55Z

What do you mean by create a separate report? It seems like this one makes sense to me.

wobst.michael 2020-01-22T18:25:38Z

Please check if that's still an issue for you in the latest 1.15.2 stable release.

Phoenix616 2020-01-22T23:34:26Z

Exact same issue still happens with 1.15.2.

Joscha Scherder 2020-07-02T23:10:45Z

I can absoluteley absolutely confirm this.

The same issue still hapens to me with 1.16.1 also.

1 more comments

Justin zheng 2021-01-04T21:49:18Z

[23:15:05] [Downloader 0/INFO]: [STDERR]: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[23:15:05] [Downloader 0/INFO]: [STDERR]: at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
[23:15:05] [Downloader 0/INFO]: [STDERR]: at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
[23:15:05] [Downloader 0/INFO]: [STDERR]: at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
[23:15:05] [Downloader 0/INFO]: [STDERR]: at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
[23:15:05] [Downloader 0/INFO]: [STDERR]: at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1497)
[23:15:05] [Downloader 0/INFO]: [STDERR]: at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212)
[23:15:05] [Downloader 0/INFO]: [STDERR]: at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
[23:15:05] [Downloader 0/INFO]: [STDERR]: at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
[23:15:05] [Downloader 0/INFO]: [STDERR]: at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
[23:15:05] [Downloader 0/INFO]: [STDERR]: at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
[23:15:05] [Downloader 0/INFO]: [STDERR]: at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
[23:15:05] [Downloader 0/INFO]: [STDERR]: at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
[23:15:05] [Downloader 0/INFO]: [STDERR]: at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
[23:15:05] [Downloader 0/INFO]: [STDERR]: at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
[23:15:05] [Downloader 0/INFO]: [STDERR]: at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1512)
[23:15:05] [Downloader 0/INFO]: [STDERR]: at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440)
[23:15:05] [Downloader 0/INFO]: [STDERR]: at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
[23:15:05] [Downloader 0/INFO]: [STDERR]: at xk.a(SourceFile:140)
[23:15:05] [Downloader 0/INFO]: [STDERR]: at xk$$Lambda$1203/108034745.run(Unknown Source)
[23:15:05] [Downloader 0/INFO]: [STDERR]: at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
[23:15:05] [Downloader 0/INFO]: [STDERR]: at com.google.common.util.concurrent.TrustedListenableFutureTask$TrustedFutureInterruptibleTask.runInterruptibly(TrustedListenableFutureTask.java:111)
[23:15:05] [Downloader 0/INFO]: [STDERR]: at com.google.common.util.concurrent.InterruptibleTask.run(InterruptibleTask.java:58)
[23:15:05] [Downloader 0/INFO]: [STDERR]: at com.google.common.util.concurrent.TrustedListenableFutureTask.run(TrustedListenableFutureTask.java:75)
[23:15:05] [Downloader 0/INFO]: [STDERR]: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[23:15:05] [Downloader 0/INFO]: [STDERR]: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[23:15:05] [Downloader 0/INFO]: [STDERR]: at java.lang.Thread.run(Thread.java:745)
[23:15:05] [Downloader 0/INFO]: [STDERR]: Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[23:15:05] [Downloader 0/INFO]: [STDERR]: at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
[23:15:05] [Downloader 0/INFO]: [STDERR]: at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
[23:15:05] [Downloader 0/INFO]: [STDERR]: at sun.security.validator.Validator.validate(Validator.java:260)
[23:15:05] [Downloader 0/INFO]: [STDERR]: at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
[23:15:05] [Downloader 0/INFO]: [STDERR]: at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
[23:15:05] [Downloader 0/INFO]: [STDERR]: at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
[23:15:05] [Downloader 0/INFO]: [STDERR]: at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1479)
[23:15:05] [Downloader 0/INFO]: [STDERR]: ... 21 more
[23:15:05] [Downloader 0/INFO]: [STDERR]: Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[23:15:05] [Downloader 0/INFO]: [STDERR]: at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145)
[23:15:05] [Downloader 0/INFO]: [STDERR]: at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
[23:15:05] [Downloader 0/INFO]: [STDERR]: at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
[23:15:05] [Downloader 0/INFO]: [STDERR]: at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
[23:15:05] [Downloader 0/INFO]: [STDERR]: ... 27 more? What?!

Joeywp 2021-04-14T21:37:41Z

I was having the same problem on my server. As hinted in the description, it's not a Minecraft issue, but rather a JDK issue. Pinpointed it to this JDK issue:
https://bugs.openjdk.java.net/browse/JDK-8154757

Apparently, this has been fixed in JDK 8u101 which adds the root certificates for LetsEncrypt for (see https://www.oracle.com/java/technologies/javase/8u101-relnotes.html)but the launcher still ships 8u51.

Phoenix616 2021-05-14T19:02:13Z

Seeing as 21w19a now ships with Java 16.0.1 this is most likely resolved. Unfortunately I can't test that right now but if anyone does please feel free to comment so this can hopefully be closed.

Ilm 9001 2021-07-28T19:31:50Z

Issue is resolved on 1.17.1 with provided example URL.

Ricardo ferreira 2021-11-07T17:04:29Z

I added this plugin onto my server and the members don't have access to make items (pizza, flour, cheese) help me 🙂