Maven dependencies are failing with a 501 error

Question

Recently Maven build jobs running in Jenkins are failing with the below exception saying that they couldn t pull dependencies from Maven Central and should use HTTPS  I m not sure how to change the requests from HTTP to HTTPS  Could someone guide me on this matter    ERROR  Unresolveable build extension  Plugin org apache maven wagon wagon-ssh 2 1 or one of its dependencies could not be resolved  Failed to collect dependencies for org apache maven wagon wagon-ssh jar 2 1     Failed to read artifact descriptor for org apache maven wagon wagon-ssh jar 2 1  Could not transfer artifact org apache maven wagon wagon-ssh pom 2 1 from to central  http   repo maven apache org maven2   Failed to transfer file  http   repo maven apache org maven2 org apache maven wagon wagon-ssh 2 1 wagon-ssh-2 1 pom  Return code is  501  ReasonPhrase HTTPS Required  - gt   Help 2  Waiting for Jenkins to finish collecting data ERROR  Plugin org apache maven plugins maven-clean-plugin 2 4 1 or one of its dependencies could not be resolved  Failed to read artifact descriptor for org apache maven plugins maven-clean-plugin jar 2 4 1  Could not transfer artifact org apache maven plugins maven-clean-plugin pom 2 4 1 from to central  http   repo maven apache org maven2   Failed to transfer file  http   repo maven apache org maven2 org apache maven plugins maven-clean-plugin 2 4 1 maven-clean-plugin-2 4 1 pom  Return code is  501   ReasonPhrase HTTPS Required  - gt   Help 1

User · Accepted Answer

The reason for the observed error is explained in Central 501 HTTPS Required

Effective January 15, 2020, The Central Repository no longer supports insecure communication over plain HTTP and requires that all requests to the repository are encrypted over HTTPS.

It looks like latest versions of Maven (tried with 3.6.0, 3.6.1) are already using the HTTPS URL by default.

Here are the dates when the major repositories will switch:

Your Java builds might break starting January 13th (if you haven't yet switched repo access to HTTPS)

Update: Seems like from maven 3.2.3 maven central is accessed via HTTPS See https://stackoverflow.com/a/25411658/5820670

Maven Change log (http://maven.apache.org/docs/3.2.3/release-notes.html)

User · Answer

Originally from https   stackoverflow com a 59796324 32453 though this might be useful   Beware that your parent pom can  re  define repositories as well  and if it has overridden central and specified http for whatever reason  you ll need to fix that  so places to fix     m2 settings xml  AND also parent poms    If you can t fix it in parent pom  you can override parent pom s repo s  like this  in your child pom  extracted from the 3 6 3 default super pom  seems they changed the name from repo1 as well       lt repositories gt       lt repository gt         lt id gt central lt  id gt         lt name gt Central Repository lt  name gt         lt url gt https   repo maven apache org maven2 lt  url gt   lt  -- the https you ve been looking for -- gt         lt layout gt default lt  layout gt         lt snapshots gt           lt enabled gt false lt  enabled gt   lt  -- or set to true if desired  default is false -- gt         lt  snapshots gt       lt  repository gt     lt  repositories gt

User · Answer

Maven is moving to HTTPS and disabling HTTP access  Short story  from January 15  2020  Maven Central repository is not longer supporting HTTP connections  other repositories are doing the same   Therefore  you will indicate your Maven Gradle settings to use an HTTPS URL   Solution   You can choose one of the following three approaches     Add a repository in your project  s pom xml file   lt project gt         lt repositories gt       lt repository gt         lt id gt central maven repo lt  id gt         lt name gt central maven repo https lt  name gt         lt url gt https   repo maven apache org maven2 lt  url gt       lt  repository gt     lt  repositories gt   lt  project gt   Add the repository into a profile in the settings xml file    lt profile gt     lt id gt my profile lt  id gt     lt repositories gt       lt repository gt         lt id gt central maven repo lt  id gt         lt name gt central maven repo https lt  name gt         lt url gt https   repo maven apache org maven2 lt  url gt         lt  repository gt     lt  repositories gt   lt  profile gt   Update you maven version to a new one that uses https values as default  The lastest one at this moment 3 6 3 Download here   For Gradle   Only replace the URL for the HTTPS version   repositories      maven   url  https   repo maven apache org maven2

User · Answer

As stated in other answers  https is now required to make requests to Maven Central  while older versions of Maven use http   If you don t want to cannot upgrade to Maven 3 2 3   you can do a workaround by adding the following code into your MAVEN HOME conf settings xml into the  lt profiles gt  section    lt profile gt       lt id gt maven-https lt  id gt       lt activation gt           lt activeByDefault gt true lt  activeByDefault gt       lt  activation gt       lt repositories gt           lt repository gt               lt id gt central lt  id gt               lt url gt https   repo1 maven org maven2 lt  url gt               lt snapshots gt                   lt enabled gt false lt  enabled gt               lt  snapshots gt           lt  repository gt       lt  repositories gt       lt pluginRepositories gt           lt pluginRepository gt               lt id gt central lt  id gt               lt url gt https   repo1 maven org maven2 lt  url gt               lt snapshots gt                   lt enabled gt false lt  enabled gt               lt  snapshots gt           lt  pluginRepository gt       lt  pluginRepositories gt    lt  profile gt    This will be always an active setting unless you disable override it in your POM when needed

User · Answer

I hit this problem with the latest version  August 2020   after not using Maven on this machine for ages  and was scratching my head as to why it could still be an issue after reading these answers  Turns out I had an old settings xml sitting in the  m2  folder in my home directory with some customisations from years ago  However  even deleting that file didn t fix it for me   I ended up deleting the entire  m2 folder  I don t think there was anything else in it except for downloaded resources   Maybe just deleting folders like repository org apache maven archetype would have been sufficient

User · Answer

For me  corporate coder  also adding a mirror repository in the settings xml fixed the issue  I am also using Maven inside a docker container    lt mirrors gt       lt mirror gt           lt id gt https-mirror lt  id gt           lt name gt Https Mirror Repository lt  name gt           lt url gt https   repo1 maven org maven2 lt  url gt           lt mirrorOf gt central lt  mirrorOf gt       lt  mirror gt   lt  mirrors gt

User · Answer

I was added following code segment to setting xml and it was resolved the issue    lt mirrors gt       lt mirror gt           lt id gt maven-mirror lt  id gt           lt name gt Maven Mirror lt  name gt           lt url gt https   repo maven apache org maven2 lt  url gt           lt mirrorOf gt central lt  mirrorOf gt       lt  mirror gt   lt  mirrors gt

User · Answer

The following link got me out of the trouble  https   support sonatype com hc en-us articles 360041287334-Central-501-HTTPS-Required You could make the changes either in your maven  apache-maven conf settings xml  Or  if you are specifying in your pom xml  make the change there  Before   lt repository gt               lt id gt maven central repo lt  id gt               lt url gt http   repo maven apache org maven2 lt  url gt   lt  repository gt   Now   lt repository gt               lt id gt maven central repo lt  id gt               lt url gt https   repo maven apache org maven2 lt  url gt   lt  repository gt

User · Answer

Update the central repository of Maven and use https instead of http    lt repositories gt       lt repository gt           lt id gt central lt  id gt           lt name gt Central Repository lt  name gt           lt url gt https   repo maven apache org maven2 lt  url gt           lt layout gt default lt  layout gt           lt snapshots gt               lt enabled gt false lt  enabled gt           lt  snapshots gt       lt  repository gt   lt  repositories gt

User · Answer

Effective January 15  2020  The Central Repository no longer supports   insecure communication over plain HTTP and requires that all requests   to the repository are encrypted over HTTPS       If you re receiving this error  then you need to replace all URL   references to Maven Central with their canonical HTTPS counterparts     source   We have made the following changes in my project s build gradle   Old   repositories      maven   url  http   repo maven apache org maven2        New   repositories      maven   url  https   repo maven apache org maven2

User · Answer

I was using an outdated version of Maven  3 0 3 and 3 1   These older versions no longer supports http repositories  as mentioned above   Upgrading to Maven 3 6 was the fix for me

User · Answer

Using Ubuntu 16 04  java 1 8 0 201   I un-installed old maven and installed Maven 3 6 3  still got this error that Maven dependencies are failing with a 501 error   Realized it could be a truststore keystore issue associated with requiring https  Found that you can now configure -Djavax options using a jvm config file  see  https   maven apache org configure html   As I am also using Tomcat I copied the keystore  amp  truststore config from Tomcat  setenv sh  to my jvm config and then it worked    There is also an option to pass the this config in  export MAVEN OPTS   when using mvn generate  but although this stopped the 501 error it created another  it expected a pom file    Creating a separate jvm config file works perfectly  just put it in the root of your project   Hopefully this helps someone  took me all day to figure it out

User · Answer

This error occured to me too  I did what Muhammad umer said above  But  it only solved error for spring-boot-dependencies and spring-boot-dependencies has child dependencies  Now  there were 21 errors  Previously  it was 2 errors  Like this  Non-resolvable import POM  Could not transfer artifact org springframework cloud spring-cloud-dependencies pom Hoxton SR3 from to central  and also https required in the error message  I updated the maven version from 3 2 2 to 3 6 3 and java version from 8 to 11  Now  all errors of https required are gone  To update maven version  Download latest maven from here  download maven Unzip and move it to  opt maven  Set the path export PATH  PATH  opt maven bin And  also remove old maven from PATH

User · Answer

I am facing the same problem  There are two solutions that I tried  and both works fine for me    Update the Maven version repository  Maven version    3 2 3  Restrict the current Maven version to use HTTPS  links    Update the Maven version repository   Download the Apache Maven binary that includes the default https addresses  Apache Maven 3 6 3 binary   And open the Options dialog window in tools of NetBeans menu bar  Java Maven Dialog View   And select browse option in Maven Home List Box  Maven Home List Box View   After adding the Apache Maven newly downloaded version  Updated Maven Home List Box View   the project builds and runs successfully   Restrict the current Maven version to use HTTPS  links   Include the following code in pom xml of your project    lt project gt                 lt pluginRepositories gt           lt pluginRepository gt               lt id gt central lt  id gt               lt name gt Central Repository lt  name gt               lt url gt https   repo maven apache org maven2 lt  url gt               lt layout gt default lt  layout gt               lt snapshots gt                   lt enabled gt false lt  enabled gt               lt  snapshots gt               lt releases gt                   lt updatePolicy gt never lt  updatePolicy gt               lt  releases gt           lt  pluginRepository gt       lt  pluginRepositories gt       lt repositories gt           lt repository gt               lt id gt central lt  id gt               lt name gt Central Repository lt  name gt               lt url gt https   repo maven apache org maven2 lt  url gt               lt layout gt default lt  layout gt               lt snapshots gt                   lt enabled gt false lt  enabled gt               lt  snapshots gt           lt  repository gt       lt  repositories gt   lt  project gt

User · Answer

Add this in pom xml file  It works fine for me  lt pluginRepositories gt       lt pluginRepository gt           lt id gt central lt  id gt           lt name gt Central Repository lt  name gt           lt url gt https   repo maven apache org maven2 lt  url gt           lt layout gt default lt  layout gt           lt snapshots gt               lt enabled gt false lt  enabled gt           lt  snapshots gt           lt releases gt               lt updatePolicy gt never lt  updatePolicy gt           lt  releases gt       lt  pluginRepository gt   lt  pluginRepositories gt    lt repositories gt       lt repository gt           lt id gt central lt  id gt           lt name gt Central Repository lt  name gt           lt url gt https   repo maven apache org maven2 lt  url gt           lt layout gt default lt  layout gt           lt snapshots gt               lt enabled gt false lt  enabled gt           lt  snapshots gt       lt  repository gt   lt  repositories gt

User · Answer

I downloaded latest eclipse and tarted to use from here https   www eclipse org downloads packages release  which resolved my problem

User · Answer

For all the corporate coders  ideally  if you get this error  it means that your code base is still being built from open-source community  You need to over ride the  central  repository with your in house company Maven repository manager   You can go to your settings xml and override your central repository URL from http     to https      lt M2 HOME gt  conf settings xml   Find the mirrors sections and add the following entry        lt mirror gt        lt id gt other-mirror lt  id gt        lt name gt Other Mirror Repository lt  name gt        lt url gt https   other-mirror repo other-company com maven2 lt  url gt        lt mirrorOf gt central lt  mirrorOf gt       lt  mirror gt    In the URL section  if you were using either http   repo1 maven org maven2  or http   repo maven apache org maven2  then  Replace http   repo1 maven org maven2  with https   repo1 maven org maven2   Replace http   repo maven apache org maven2  with https   repo maven apache org maven2   You need to ideally use your company source control management repository URL over here  As this will block any contact with open source Maven repository community   As mentioned in other answers  effective from 15 January 2020  the central Maven repository doesn t support insecure communication over plain HTTP

User · Answer

I have the same issue  but I use GitLab instead of Jenkins  The steps I had to do to get over the issue    My project is in GitLab so it uses the  yml file which points to a Docker image I have to do continuous integration  and the image it uses has the http   maven URLs  So I changed that to https   maven  That same Dockerfile image had an older version of Maven 3 0 1 that gave me issues just overnight  I updated the Dockerfile to get the latest version 3 6 3 I then deployed that image to my online repository  and updated my Maven project ymlfile to use that new image  And lastly  I updated my main projects POM file to reference https   maven    instead of http   maven   I realize that is more specific to my setup  But without doing all of the steps above I would still continue to get this error message Return code is  501   ReasonPhrase HTTPS Required

User · Answer

Sharing this in case anyone needs it   Old Gradle config  without Gitlab   Docker deployments   for simple projects   repositories   google   jcenter    maven   url  http   dl bintray com davideas maven    maven   url  https   plugins gradle org m2     maven   url  http   repo1 maven org maven2    maven   url  http   jcenter bintray com        New config    repositories   google   jcenter    maven   url  https   dl bintray com davideas maven    maven   url  https   plugins gradle org m2     maven   url  https   repo1 maven org maven2    maven   url  https   jcenter bintray com        Notice the https  Happy coding

User · Answer

If you are using Netbeans older version  you have to make changes in maven to use https over http  Open C  Program Files NetBeans8 0 2 java maven conf settings xml and paste below code in between mirrors tag   lt mirror gt   lt id gt maven-mirror lt  id gt   lt name gt Maven Mirror lt  name gt   lt url gt https   repo maven apache org maven2 lt  url gt   lt mirrorOf gt central lt  mirrorOf gt   lt  mirror gt    It will force maven to use https   repo maven apache org maven2 url

User · Answer

Add the following repository in pom xml    lt project gt           lt repositories gt           lt repository gt               lt id gt central lt  id gt               lt name gt Maven Plugin Repository lt  name gt               lt url gt https   repo1 maven org maven2 lt  url gt               lt layout gt default lt  layout gt               lt snapshots gt                   lt enabled gt false lt  enabled gt               lt  snapshots gt           lt  repository gt       lt  repositories gt       lt  project gt

User · Answer

Same issue is also occuring for jcenter      From 13 Jan 2020 onwards  Jcenter is only available at HTTPS    Projects getting their dependencies using the same will start facing issues  For quick fixes do the following in your build gradle   instead of   repositories   jcenter      others     use this    repositories   jcenter   url  http   jcenter bintray com      others

User · Answer

My current environment does not support HTTPS  so adding the insecure version of the repo solved my problem  http   insecure repo1 maven org as per Sonatype       lt repositories gt          lt repository gt             lt id gt Central Maven repository lt  id gt             lt name gt Central Maven repository insecure lt  name gt             lt url gt http   insecure repo1 maven org lt  url gt          lt  repository gt       lt  repositories gt

User · Answer

The error    Failed to transfer file  http   repo maven apache org maven2 org apache maven wagon wagon-ssh 2 1 wagon-ssh-2 1 pom    Return code is  501   ReasonPhrase HTTPS Required    Root cause analysis   Maven central is expecting that the clients use https  but the client is making plain HTTP request only   Therefore  the request for downloading the package named  wagon-ssh-2 1 pom  had failed   How to fix the problem   Replace the URL  http   repo maven apache org maven2   with   https   repo maven apache org maven2    in pom xml file or build gradle file of the project

User · Answer

Try to hit the below URL in any browser  It will return 501  http   repo maven apache org maven2 org apache maven wagon wagon-ssh 2 1 wagon-ssh-2 1 pom  Please try with https  It will download a pom xml file   https   repo maven apache org maven2 org apache maven wagon wagon-ssh 2 1 wagon-ssh-2 1 pom  Please add it  https   repo maven apache org maven2  in the setting xml file    lt repositories gt      lt repository gt         lt id gt Central Maven repository lt  id gt         lt name gt Central Maven repository https lt  name gt         lt url gt https   repo maven apache org maven2 lt  url gt      lt  repository gt   lt  repositories gt

User · Answer

I was using a clean install of Maven Java on a Docker container   For me  I had to cd  M2 HOME conf and edit the settings xml file there  Add the following block inside  lt mirrors gt     lt  mirrors gt    lt mirror gt     lt id gt central-secure lt  id gt     lt url gt https   repo maven apache org maven2 lt  url gt     lt mirrorOf gt central lt  mirrorOf gt   lt  mirror gt

[java] Maven dependencies are failing with a 501 error

Examples related to java

Examples related to maven

Examples related to jenkins

Examples related to maven-central