kiranchavala commented on issue #11112:
URL: https://github.com/apache/cloudstack/issues/11112#issuecomment-3023636434
Thanks @weizhouapache was able to uplaod the certificate but still getting
a error , restarted the agent and management service
```
(admin) 🐱 > list templatedirectdownloadcertificates
{
"count": 1,
"directdownloadcertificate": [
{
"alias": "dowload",
"hypervisor": "KVM",
"id": "d837350a-a216-40fb-9464-d9a5d4534f58",
"issuer": "CN=E6, O=Let's Encrypt, C=US",
"serialnum": "SerialNumber:
05:cd:bb:dd:f2:b3:4c:8f:c9:19:a3:bb:81:75:17:f2:d1:9d",
"subject": "CN=1999714585.rsc.cdn77.org",
"validity": "From: [Thu Jun 19 20:30:00 UTC 2025] - To: [Wed Sep 17
20:29:59 UTC 2025]",
"version": "3",
"zoneid": "1b0dfd23-800e-4c72-8231-d0acb36d14f3",
"zonename": "ref-trl-8752-k-Mol8-kiran-chavala"
}
]
```
Logs
```
2025-07-01 11:29:00,219 DEBUG [c.c.a.t.Request] (AgentManager-Handler-3:[])
(logid:) Seq 2-4394387336406762487: Processing: { Ans: , MgmtId:
32986019922624, via: 2, Ver: v1, Flags: 10,
[{"com.cloud.agent.api.Answer":{"result":"false","details":"com.cloud.utils.exception.CloudRuntimeException:
Cannot obtain qcow2 virtual size due to: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at
org.apache.cloudstack.direct.download.HttpsDirectTemplateDownloader.getRemoteFileSize(HttpsDirectTemplateDownloader.java:199)
at
org.apache.cloudstack.direct.download.DirectDownloadHelper.getFileSize(DirectDownloadHelper.java:100)
at
com.cloud.hypervisor.kvm.resource.wrapper.LibvirtCheckUrlCommand.execute(LibvirtCheckUrlCommand.java:45)
at
com.cloud.hypervisor.kvm.resource.wrapper.LibvirtCheckUrlCommand.execute(LibvirtCheckUrlCommand.java:29)
at
com.cloud.hypervisor.kvm.resource.wrapper.LibvirtRequestWrapper.execute(LibvirtRequestWrapper.java:78)
at
com.cloud.hypervisor.kvm.resource.LibvirtComputingResource.executeRequest(LibvirtComputingResource.java:1958)
at com.cloud.agent.Agent.processRequest(Agent.java:779)
at com.cloud.agent.Agent$AgentRequestHandler.doTask(Agent.java:1194)
at com.cloud.utils.nio.Task.call(Task.java:83)
at com.cloud.utils.nio.Task.call(Task.java:29)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:840)
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:383)
at
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:326)
at
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
at
java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1351)
at
java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1226)
at
java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1169)
at
java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
at
java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
at
java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:458)
at
java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:206)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
at
java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1510)
at
java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1425)
at
java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
at
java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
at
java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:589)
at
java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:187)
at
java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1702)
at
java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1626)
at
java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:224)
at java.base/java.net.URL.openStream(URL.java:1161)
at
org.apache.cloudstack.direct.download.HttpsDirectTemplateDownloader.getRemoteFileSize(HttpsDirectTemplateDownloader.java:197)
... 13 more
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
at
java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
at
java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
at
java.base/sun.security.validator.Validator.validate(Validator.java:264)
at
java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
at
java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
at
java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335)
... 31 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at
java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:148)
at
java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:129)
at
java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
at
java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
... 36 more
","wait":"0","bypassHostMaintenance":"false"}}] }
2025-07-01 11:29:00,220 DEBUG [c.c.a.t.Request]
(qtp698741991-24:[ctx-f0001599, ctx-b6140be1]) (logid:5de79ad6) Seq
2-4394387336406762487: Received: { Ans: , MgmtId: 32986019922624, via:
2(ref-trl-8752-k-Mol8-kiran-chavala-kvm2), Ver: v1, Flags: 10, { Answer } }
2025-07-01 11:29:00,220 DEBUG [c.c.a.m.ClusteredAgentManagerImpl]
(qtp698741991-24:[ctx-f0001599, ctx-b6140be1]) (logid:5de79ad6) Details from
executing class org.apache.cloudstack.agent.directdownload.CheckUrlCommand:
com.cloud.utils.exception.CloudRuntimeException: Cannot obtain qcow2 virtual
size due to: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at
org.apache.cloudstack.direct.download.HttpsDirectTemplateDownloader.getRemoteFileSize(HttpsDirectTemplateDownloader.java:199)
at
org.apache.cloudstack.direct.download.DirectDownloadHelper.getFileSize(DirectDownloadHelper.java:100)
at
com.cloud.hypervisor.kvm.resource.wrapper.LibvirtCheckUrlCommand.execute(LibvirtCheckUrlCommand.java:45)
at
com.cloud.hypervisor.kvm.resource.wrapper.LibvirtCheckUrlCommand.execute(LibvirtCheckUrlCommand.java:29)
at
com.cloud.hypervisor.kvm.resource.wrapper.LibvirtRequestWrapper.execute(LibvirtRequestWrapper.java:78)
at
com.cloud.hypervisor.kvm.resource.LibvirtComputingResource.executeRequest(LibvirtComputingResource.java:1958)
at com.cloud.agent.Agent.processRequest(Agent.java:779)
at com.cloud.agent.Agent$AgentRequestHandler.doTask(Agent.java:1194)
at com.cloud.utils.nio.Task.call(Task.java:83)
at com.cloud.utils.nio.Task.call(Task.java:29)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at
java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
at
java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.base/java.lang.Thread.run(Thread.java:840)
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:383)
at
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:326)
at
java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321)
at
java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1351)
at
java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1226)
at
java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1169)
at
java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
at
java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
at
java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:458)
at
java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:206)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
at
java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1510)
at
java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1425)
at
java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:455)
at
java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:426)
at
java.base/sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:589)
at
java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:187)
at
java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1702)
at
java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1626)
at
java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:224)
at java.base/java.net.URL.openStream(URL.java:1161)
at
org.apache.cloudstack.direct.download.HttpsDirectTemplateDownloader.getRemoteFileSize(HttpsDirectTemplateDownloader.java:197)
... 13 more
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
at
java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
at
java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
at
java.base/sun.security.validator.Validator.validate(Validator.java:264)
at
java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
at
java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
at
java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335)
... 31 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at
java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:148)
at
java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:129)
at
java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
at
java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
... 36 more
2025-07-01 11:29:00,221 WARN [o.a.c.m.w.WebhookServiceImpl]
(qtp698741991-24:[ctx-f0001599, ctx-b6140be1]) (logid:5de79ad6) Skipping
delivering event Event {"description":"{\"details\":\"Id: 215 name:
cloud-ubtu1\",\"event\":\"TEMPLATE.CREATE\",\"status\":\"Completed\"}","eventId":null,"eventType":"TEMPLATE.CREATE","eventUuid":null,"resourceType":"VirtualMachineTemplate","resourceUUID":null}
to any webhook as account ID is missing
2025-07-01 11:29:00,221 WARN [o.a.c.f.e.EventDistributorImpl]
(qtp698741991-24:[ctx-f0001599, ctx-b6140be1]) (logid:5de79ad6) Failed to
publish event [category: ActionEvent, type: TEMPLATE.CREATE] on bus
webhookEventBus
2025-07-01 11:29:00,230 ERROR [c.c.a.ApiServer]
(qtp698741991-24:[ctx-f0001599, ctx-b6140be1]) (logid:5de79ad6) unhandled
exception executing api command: [Ljava.lang.String;@23f24711
com.cloud.utils.exception.CloudRuntimeException: URL:
https://download.cloudstack.org/templates/cloud-images/ubuntu/ubuntu-20.04-server-cloudimg-amd64.img
validation failed on host Host
{"id":2,"name":"ref-trl-8752-k-Mol8-kiran-chavala-kvm2","type":"Routing","uuid":"5aeefe1c-7404-40e9-92bf-b5b1445e160c"}
at
com.cloud.template.HypervisorTemplateAdapter.performDirectDownloadUrlValidation(HypervisorTemplateAdapter.java:188)
at
com.cloud.template.HypervisorTemplateAdapter.prepare(HypervisorTemplateAdapter.java:246)
at
com.cloud.template.TemplateManagerImpl.registerTemplate(TemplateManagerImpl.java:374)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:569)
at
org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:344)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:198)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at
org.apache.cloudstack.network.contrail.management.EventUtils$EventInterceptor.invoke(EventUtils.java:105)
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
