Jenkins server is unable to download plugins from the https://updates.jenkins.io

[oleksandrmeleshchuk-epm]

Problem with this page

https://updates.jenkins.io/download/plugins/convert-to-pipeline/1.0/convert-to-pipeline.hpi

Expected behavior

jenkins server should be able to download files from the update server

Actual behavior

Caused: java.io.IOException: Failed to download from https://updates.jenkins.io/download/plugins/convert-to-pipeline/1.0/convert-to-pipeline.hpi (redirected to: https://ftp.halifax.rwth-aachen.de/jenkins/plugins/convert-to-pipeline/1.0/convert-to-pipeline.hpi)

Tried using multiple different locations in order to download plugins - result is the same

Possible solution

Look's like ftp.halifax.rwth-aachen.de is not reachable

[dduportal]

This issue looks related to the get.jenkins.io mirror redirector: transferring from jenkins-infra/jenkins.io to jenkins-infra/helpdesk issue tracker

[MarkEWaite]

I can't duplicate the issue. I'm able to download from all the mirrors listed for the git plugin, including the mirror at aachen.

[oleksandrmeleshchuk-epm]

Posting tracertoute output from multiple locations:
PL:

UA:




DE:

US:

[dduportal]

Hi @oleksandrmeleshchuk-epm thanks for reporting and sharing the traceroutes for diagnostics.

I confirm what @MarkEWaite said: I do not have any problem with my ISPs and the Jenkins platform itself to reach the Halifax FTP.

It means that either there is an issue due to your system networks or there are issues with some ISPs that we don't know about.

For information, I tried access from the following networks (with success):

• Belgium home ISPs (Voo, Proximus) and also their 4G data cellular (same)
• French home ISPs (Free, Orange) and also their 4G data cellular (same)
• AWS US East 1 (Virginia) and US East 2 (Ohio)
• Digital Ocean Frankfurt
• Azure US East

Your traceroutes seems to show that the blocker happens on differnet network layers from the Aachen university: could you check with them what could be the source of blocker (as the Jenkins project does not have any administrative access to ther system : they provide a mirror for us) from their web page at https://ftp.halifax.rwth-aachen.de/ ?

It looks like your network blocks their backbone access or that your network might be blocked by their firewalls (rate limit based on the usage done from your own network?).

Here is an example using curl with HTTPS (TCP/443) to fit the same scenario as being redirected by get.jenkins.io mirror redirector system:

curl -v https://ftp.halifax.rwth-aachen.de/ -v -o /dev/null
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 137.226.34.46:443...
* Connected to ftp.halifax.rwth-aachen.de (137.226.34.46) port 443 (#0)
* ALPN: offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
} [331 bytes data]
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
{ [102 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [4930 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [428 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [37 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN: server accepted h2
* Server certificate:
*  subject: C=DE; ST=Nordrhein-Westfalen; L=Aachen; O=RWTH Aachen; CN=ftp.halifax.rwth-aachen.de
*  start date: Sep 28 11:13:31 2022 GMT
*  expire date: Oct 29 11:13:31 2023 GMT
*  subjectAltName: host "ftp.halifax.rwth-aachen.de" matched cert's "ftp.halifax.rwth-aachen.de"
*  issuer: C=DE; O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.; OU=DFN-PKI; CN=DFN-Verein Global Issuing CA
*  SSL certificate verify ok.
* using HTTP/2
* h2h3 [:method: GET]
* h2h3 [:path: /]
* h2h3 [:scheme: https]
* h2h3 [:authority: ftp.halifax.rwth-aachen.de]
* h2h3 [user-agent: curl/7.88.1]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0x136013400)
> GET / HTTP/2
> Host: ftp.halifax.rwth-aachen.de
> user-agent: curl/7.88.1
> accept: */*
> 
< HTTP/2 200 
< server: nginx/1.22.1
< date: Tue, 25 Jul 2023 11:12:53 GMT
< content-type: text/html
< content-length: 17911
< last-modified: Fri, 05 May 2023 20:14:33 GMT
< accept-ranges: bytes
< vary: Accept-Encoding
< 
{ [16237 bytes data]
100 17911  100 17911    0     0  39296      0 --:--:-- --:--:-- --:--:-- 39890
* Connection #0 to host ftp.halifax.rwth-aachen.de left intact