dosubot[bot] commented on issue #8709: URL: https://github.com/apache/incubator-devlake/issues/8709#issuecomment-3883291527
<!-- Answer --> DevLake automatically selects the correct Jira API version for Cloud (using /api/3) in versions v1.0.3-beta5 and later—there’s no user-facing setting to manually change the API version, and providing the full /api/3 endpoint won’t override this logic. If you’re seeing DevLake use /api/2, you likely need to upgrade to at least v1.0.3-beta6 to get proper Jira Cloud support and endpoint selection ([source](https://github.com/apache/incubator-devlake/issues/8647)). The TLS error `x509: certificate signed by unknown authority` is unrelated to the API version. It means the environment where DevLake is running doesn’t trust the SSL certificate from Jira—usually because of missing or outdated CA certificates, or SSL interception by a proxy/firewall ([source](https://github.com/apache/incubator-devlake/issues/8703)). To fix this: 1. Make sure your container or host has up-to-date CA certificates (install/update the `ca-certificates` package). 2. From inside the container or host, run `curl https://sartorius.atlassian.net` to check if you get the same certificate error. 3. If your network uses a proxy or SSL inspection, add the proxy’s CA certificate to the trust store. 4. Only as a last resort, set the environment variable `IN_SECURE_SKIP_VERIFY=true` to bypass certificate checks (not recommended for production) ([source](https://github.com/apache/incubator-devlake/blob/main/env.example#L65-L66)). Also, make sure your Jira endpoint in DevLake ends with `/rest/` (not `/rest/api/3/`), so DevLake constructs the correct API URLs and avoids hitting non-API endpoints that can cause redirects or TLS errors ([source](https://github.com/apache/incubator-devlake/issues/8704)). <!-- Dosu Comment Footer --> *To reply, just mention [@dosu](https://go.dosu.dev/dosubot).* --- <sup>How did I do? [Good](https://app.dosu.dev/response-feedback/f1b55baf-f156-4bd3-972b-af775128e7b3?feedback_type=great_response) | [Irrelevant](https://app.dosu.dev/response-feedback/f1b55baf-f156-4bd3-972b-af775128e7b3?feedback_type=irrelevant_answer) | [Incorrect](https://app.dosu.dev/response-feedback/f1b55baf-f156-4bd3-972b-af775128e7b3?feedback_type=incorrect_sources) | [Verbose](https://app.dosu.dev/response-feedback/f1b55baf-f156-4bd3-972b-af775128e7b3?feedback_type=too_verbose) | [Hallucination](https://app.dosu.dev/response-feedback/f1b55baf-f156-4bd3-972b-af775128e7b3?feedback_type=hallucination) | [Report 🐛](https://app.dosu.dev/response-feedback/f1b55baf-f156-4bd3-972b-af775128e7b3?feedback_type=bug_report) | [Other](https://app.dosu.dev/response-feedback/f1b55baf-f156-4bd3-972b-af775128e7b3?feedback_type=other)</sup> [](https://app.dosu.dev/b4e8e847-d479-4541-83a8-d88d83fea5c9/ask?utm_source=github) [](https://cursor.com/link/prompt?text=DevLake%20automatically%20selects%20the%20correct%20Jira%20API%20version%20for%20Cloud%20%28using%20/api/3%29%20in%20versions%20v1.0.3-beta5%20and%20later%E2%80%94there%E2%80%99s%20no%20user-facing%20setting%20to%20manually%20change%20the%20API%20version%2C%20and%20providing%20the%20full%20/api/3%20endpoint%20won%E2%80%99t%20override%20this%20logic.%20If%20you%E2%80%99re%20seeing%20DevLake%20use%20/api/2%2C%20you%20likely%20need%20to%20upgrade%20to%20at%20least%20v1.0.3-beta6%20to%20get%20proper%20Jira%20Cloud%20support%20and%20endpoint%20selection%20%28%5Bsource%5D%28https%3A//github.com/apache/incubator-devlake/issues/8647%29%29.%0A%0AThe%20TLS%20error%20%60x509%3A%20certificate%20signed%20by%20unknown%20authority%60%20is%20unrelated%20to%20the%2 0API%20version.%20It%20means%20the%20environment%20where%20DevLake%20is%20running%20doesn%E2%80%99t%20trust%20the%20SSL%20certificate%20from%20Jira%E2%80%94usually%20because%20of%20missing%20or%20outdated%20CA%20certificates%2C%20or%20SSL%20interception%20by%20a%20proxy/firewall%20%28%5Bsource%5D%28https%3A//github.com/apache/incubator-devlake/issues/8703%29%29.%20To%20fix%20this%3A%0A%0A1.%20Make%20sure%20your%20container%20or%20host%20has%20up-to-date%20CA%20certificates%20%28install/update%20the%20%60ca-certificates%60%20package%29.%0A2.%20From%20inside%20the%20container%20or%20host%2C%20run%20%60curl%20https%3A//sartorius.atlassian.net%60%20to%20check%20if%20you%20get%20the%20same%20certificate%20error.%0A3.%20If%20your%20network%20uses%20a%20proxy%20or%20SSL%20inspection%2C%20add%20the%20proxy%E2%80%99s%20CA%20certificate%20to%20the%20trust%20store.%0A4.%20Only%20as%20a%20last%20resort%2C%20set%20the%20environment%20variable%20%60IN_SECURE_SKIP_VERIFY%3Dtrue%60%20to%20bypass%20 certificate%20checks%20%28not%20recommended%20for%20production%29%20%28%5Bsource%5D%28https%3A//github.com/apache/incubator-devlake/blob/main/env.example%23L65-L66%29%29.%0A%0AAlso%2C%20make%20sure%20your%20Jira%20endpoint%20in%20DevLake%20ends%20with%20%60/rest/%60%20%28not%20%60/rest/api/3/%60%29%2C%20so%20DevLake%20constructs%20the%20correct%20API%20URLs%20and%20avoids%20hitting%20non-API%20endpoints%20that%20can%20cause%20redirects%20or%20TLS%20errors%20%28%5Bsource%5D%28https%3A//github.com/apache/incubator-devlake/issues/8704%29%29.) [](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/incubator-devlake/issues/8709) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
