Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
Java test HTTPS request to
// Based on java example:
// save as:
// compile using JDK: javac
// run: java URLConnectionReader
// good path: returns HTML
// bad path: throws an exception
public class URLConnectionReader {
public static void main(String[] args) throws Exception {
URL oracle = new URL("");
URLConnection yc = oracle.openConnection();
BufferedReader in = new BufferedReader(new InputStreamReader(
String inputLine;
while ((inputLine = in.readLine()) != null)

Is it working for you ?

I'm getting errors, only for and probably other letsencypt domains, my code works for other HTTPS servers...
I'm using Java8 / OSX

Exception in thread "main" PKIX path building failed: unable to find valid certification path to requested target

I've even tried adding their root CA in the truststore but it doesn't work either...

Enabling ssl debug info shows
Unparseable CertificatePolicies extension due to No data available in policyQualifiers

I'm stuck now...


Firefishy commented Dec 27, 2015

@chrisDeFouRire Letsencrypt is not in the default list of CAs in the Oracle Java JDK. Discussion here:


Firefishy commented Jul 20, 2016

Confirmed working with Oracle JDK >= 8u101 (final release)


Firefishy commented Sep 1, 2016

Also Oracle JDK >= 7u111

VVD commented Sep 16, 2016

Error still here.
$ java -version
openjdk version "1.8.0_102"
OpenJDK Runtime Environment (build 1.8.0_102-b14)
OpenJDK 64-Bit Server VM (build 25.102-b14, mixed mode)

After copy /usr/local/linux-oracle-jdk1.8.0/jre/lib/security/cacerts to /usr/local/openjdk8/jre/lib/security/cacerts all work fine => OpenJDK have old cacerts without trust for letsencrypt.

g0ddest commented Oct 25, 2016

java -version
java version "1.8.0_111"
Java(TM) SE Runtime Environment (build 1.8.0_111-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.111-b14, mixed mode)

Error still there.

yglodt commented Oct 31, 2016

This SO-answer shows how to import the letsencrypt security chain, which "solves" the issue, even on a Raspberry Pi with jre 1.8.0_65:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment