Error "java.lang.IllegalArgumentException: File does not contain valid private key" occurs when configuring Mesh Nodes with SSL in Bitbucket Data Center

Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.

Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

Error "org.springframework.context.ApplicationContextException: Failed to start bean 'grpcServer'; nested exception is java.lang.IllegalArgumentException: File does not contain valid private key: <mesh_home>/config/ssl/key.pem" occurs while configuring Mesh Nodes with SSL in Bitbucket Data Center.

1 2 ERROR [main] - o.s.boot.SpringApplication Application run failed org.springframework.context.ApplicationContextException: Failed to start bean 'grpcServer'; nested exception is java.lang.IllegalArgumentException: File does not contain valid private key: <mesh_home>/config/ssl/key.pem

Environment

Bitbucket Data Center 8.9.10

Applies to Bitbucket Data Center 8.x

Diagnosis

  • Validate if the certificate file and the private key are present under <mesh-home>/config/ssl

  • Validate if the private key is generated with a passphrase or not.

Cause

This issue generally occurs due to a private key generated through the passphrase.

Solution

To resolve this issue, remove the passphrase from the Private key by using the below steps as one of the solutions:

  • Go to the directory where the private key is present using the cd <dir> command.

  • Run this command: openssl rsa -in [original.key] -out [new.key]

  • Enter the passphrase for the original key when asked

  • The output file [new.key] should now be unencrypted. To verify this open the file with a text editor and check the headers:

    • Encrypted headers look like this:

      --BEGIN RSA PRIVATE KEY-----

      Proc-Type: 4, ENCRYPTED DEK-Info: DES-EDE3-CBC,

      6BD407785DD187EF...

      --END RSA PRIVATE KEY-----

    • Unencrypted headers look like this: --BEGIN RSA PRIVATE KEY---- 6BD407785DD187EF... ----END RSA PRIVATE KEY----

  • Now change the private key name in <mesh-home>/mesh.properties file to new file name if you have added an entry for grpc.server.ssl.private-key-path parameter with private key. Once done, restart Bitbucket.

Updated on March 5, 2025
Platform
Data Center only
Product
Bitbucket Data Center
On this pageSummaryDiagnosisCauseSolution

Still need help?

The Atlassian Community is here for you.
Ask the Community