[Solved]Server resourcepack can't be downloaded

My server uses a Server Resource Pack hosted on the same Server as the minecraft server with Apache2 (LAMP Stack with Ubuntu 20.04). The connection is SSL encrypted with Let’s Encrypt and Certbot. But when the client try to download the resource pack the following error appears:

[19:58:54] [Downloader 0/INFO]: [STDERR]: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1497)
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212)
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1512)
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440)
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	at aff.a(SourceFile:140)
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	at aff$$Lambda$3684/2138165375.get(Unknown Source)
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	at java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1582)
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	at java.lang.Thread.run(Thread.java:745)
[19:58:54] [Downloader 0/INFO]: [STDERR]: Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	at sun.security.validator.Validator.validate(Validator.java:260)
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1479)
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	... 18 more
[19:58:54] [Downloader 0/INFO]: [STDERR]: Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145)
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
[19:58:54] [Downloader 0/INFO]: [STDERR]: 	... 24 more

The problem seems to be:

unable to find valid certification path to requested target

Does anyone know if it is possible to create a “valid certification path to the requested target”, so minecraft accept it?

Thanks you for answering!

Yeah, early versions of Java 1.8 used by the Minecraft Launcher don’t support self signed certificates like lets encrypt. To ensure that this is the problem you can start your Minecraft client version with Java 11 or a much newer Java 8 version. If the resource pack works then you can be sure it is that problem.

Deactivate the self signed certificate for the path to the resource pack.

1 Like

Thank you, this helped. I switched to my AdoptOpenJDK 11 installation.

This works for you, but forcing every user to manually changing the Java Client version shouldn’t be the solution. Instead follow the solution.

With your LAMP setup your apache has a config where you map path to files and where you have configured stuff for SSL. You can exclude specific path from using the SSL certificate.

We can only hope that Mojang decides to update to a newer Java version. If not Java 11 at least a more up to date version of Java 8.

1 Like

So if I exclude the path from the SSL certificate the connection isn’t anymore encrypted?

Yes, but it isn’t encrypted only for this path.

1 Like

your resource pack would need to be pulled over HTTP or you’d need an SSL cert from somewhere which was in the older java versions default cert store, the downloaded file is verified by the SHA hash you should be using, and so the risk of something bad happening is unlikely as all heck

1 Like

It’s a pity, that’s Let’s encrypt is not supported by the native Java version of Minecraft, because I think the most little minecraft server using Let’s encrypt certificates.

I will create an extra subdomain for this use.

Thank you!