Omada Controller v3.2.10 on Linux x64 jetty startup fails: Invalid keystore format
I am trying to use a custom keystore with a certificate generated from Let's Encrypt. This was working 6 months ago, but today when I tried to update my certificate (based on the steps at Recipe: Installing your own SSL certificate in Omada Controller 2.7.0 for Linux), the jetty server wouldn't start with this exception:
2022-02-27 14:26:24 [main] [ERROR]-[SourceFile:42] - fail to start up jetty server . java.io.IOException: Invalid keystore format at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:658) ~[?:1.8.0_162] at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56) ~[?:1.8.0_162] at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224) ~[?:1.8.0_162] at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70) ~[?:1.8.0_162] at java.security.KeyStore.load(KeyStore.java:1445) ~[?:1.8.0_162] at org.eclipse.jetty.util.security.CertificateUtils.getKeyStore(CertificateUtils.java:55) ~[jetty-util-8.1.15.v20140411.jar:8.1.15.v20140411] at org.eclipse.jetty.util.ssl.SslContextFactory.getKeyStore(SslContextFactory.java:1053) ~[jetty-util-8.1.15.v20140411.jar:8.1.15.v20140411] at org.eclipse.jetty.util.ssl.SslContextFactory.loadKeyStore(SslContextFactory.java:1013) ~[jetty-util-8.1.15.v20140411.jar:8.1.15.v20140411] at org.eclipse.jetty.util.ssl.SslContextFactory.doStart(SslContextFactory.java:264) ~[jetty-util-8.1.15.v20140411.jar:8.1.15.v20140411] at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64) ~[jetty-util-8.1.15.v20140411.jar:8.1.15.v20140411] at org.eclipse.jetty.server.ssl.SslSelectChannelConnector.doStart(SslSelectChannelConnector.java:612) ~[jetty-server-8.1.15.v20140411.jar:8.1.15.v20140411] at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64) ~[jetty-util-8.1.15.v20140411.jar:8.1.15.v20140411] at org.eclipse.jetty.server.Server.doStart(Server.java:293) ~[jetty-server-8.1.15.v20140411.jar:8.1.15.v20140411] at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64) ~[jetty-util-8.1.15.v20140411.jar:8.1.15.v20140411] at com.tp_link.eap.start.c.b.a(SourceFile:40) [eap-start-3.2.10.jar:?] at com.tp_link.eap.start.c.a.e(SourceFile:75) [eap-start-3.2.10.jar:?] at com.tp_link.eap.start.task.EapJettyStartUpTask.a(SourceFile:19) [eap-start-3.2.10.jar:?] at com.tp_link.eap.m.e.a(SourceFile:13) [eap-infrastructure-3.2.10.jar:?] at com.tp_link.eap.start.a.i(SourceFile:446) [eap-start-3.2.10.jar:?] at com.tp_link.eap.start.EapLinuxMain.b(SourceFile:86) [eap-start-3.2.10.jar:?] at com.tp_link.eap.start.EapLinuxMain.start(SourceFile:36) [eap-start-3.2.10.jar:?] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_162] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_162] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_162] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_162] at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:243) [commons-daemon-1.0.15.jar:1.0.15]
I suspect there is an option in my SSL certificate that is no longer backward compatible with the version of jetty included with v3.2.10 of the Omada Controller, but is that the case? Will upgrading to the latest version (3.2.14) help with this?