TeamCity Agent error: Error while asking server for the communication protocols

Answered

Hello JetBrains Team!

VPS: Ubuntu 20.04.2 LTS
Docker v20.10.7
Docker-Compose v1.29.1

I have the installed Nginx Proxy and Lets Encrypt. They allow to me to use HTTPS and unical URL address for each my container. It works fine. Now I want to start in the docker containers TeamCity Server and TeamCity Agent (through compose-file). My TeamCity Server works fine: you can see it on https://teamcity-server.dev.admincad.ru/

But TeamCity Agent doesn't work (its URL is https://teamcity-agent.dev.admincad.ru/ ). I get the error:

[2021-07-31 21:12:31,040] WARN - buildServer.AGENT.registration - Error while asking server for the communication protocols via URL https://teamcity-server.dev.admincad.ru/app/agents/protocols. Will try later: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (enable debug to see stacktrace)
[2021-07-31 21:12:31,041] WARN - buildServer.AGENT.registration - Error registering on the server via URL https://teamcity-server.dev.admincad.ru. Will continue repeating connection attempts.

In the web page https://teamcity-server.dev.admincad.ru/app/agents/protocols I see this:

<list><string>polling</string></list>

At this case I try to do it in my DEV environmen therefore for my Nginx Proxy and Lets Encrypt containers I use:

ACME_CA_URI=https://acme-staging-v02.api.letsencrypt.org/directory
LETSENCRYPT_TEST=true

Later (if all will work fine) I will be deploy it to PROD with such values:

ACME_CA_URI=https://acme-v02.api.letsencrypt.org/directory
LETSENCRYPT_TEST=false

This is my compose file (stack.yml) for TeamCity Server with TeamCity Agent:

version: "3.8"
services:
teamcity-server:
image: jetbrains/teamcity-server
container_name: "${TARGET_ENVIRONMENT}_${COMPOSE_PROJECT_NAME}-server"
restart: unless-stopped
volumes:
- "datadir:/data/teamcity_server/datadir"
- "logs:/opt/teamcity/logs"
env_file:
- "../../common.env"
- "../../common.$TARGET_ENVIRONMENT.env"
environment:
VIRTUAL_PORT: "8111"
VIRTUAL_HOST: "${COMPOSE_PROJECT_NAME}-server.$HOST_URL"
LETSENCRYPT_HOST: "${COMPOSE_PROJECT_NAME}-server.$HOST_URL"
LETSENCRYPT_EMAIL: "$LETSENCRYPT_EMAIL"

teamcity-agent:
image: jetbrains/teamcity-agent
container_name: "${TARGET_ENVIRONMENT}_${COMPOSE_PROJECT_NAME}-agent"
restart: unless-stopped
volumes:
- "conf:/data/teamcity_agent/conf"
env_file:
- "../../common.env"
- "../../common.$TARGET_ENVIRONMENT.env"
environment:
SERVER_URL: "https://${COMPOSE_PROJECT_NAME}-server.$HOST_URL"
VIRTUAL_PORT: "9090"
VIRTUAL_HOST: "${COMPOSE_PROJECT_NAME}-agent.$HOST_URL"
LETSENCRYPT_HOST: "${COMPOSE_PROJECT_NAME}-agent.$HOST_URL"
LETSENCRYPT_EMAIL: "$LETSENCRYPT_EMAIL"
depends_on:
- teamcity-server

volumes:
datadir:
name: "${TARGET_ENVIRONMENT}-server_datadir"
logs:
name: "${TARGET_ENVIRONMENT}-server_logs"
conf:
name: "${TARGET_ENVIRONMENT}-agent_conf"

networks:
default:
external: true
name: "${TARGET_ENVIRONMENT}_proxy-network"

How can I solve the problem?

Thank you!

1 comment
Comment actions Permalink

Most likely the certificate is not trusted by the Java running the build agent. You can add trusted certificates to your build agents by placing them in <TeamCity Agent Home>/conf/trustedCertificates. I would suggest adding your certificate to this directory for your build agent to see if it resolves the issue. 

For additional information on delivering certificates to build agents, please visit our documentation at https://www.jetbrains.com/help/teamcity/uploading-ssl-certificates.html#Delivering+certificates+to+TeamCity+agents.

0

Please sign in to leave a comment.