Maven dependencies are failing with a 501 error
Recently Maven build jobs running in Jenkins are failing with the below exception saying that they couldn’t pull dependencies from Maven Central and should use HTTPS. I’m not sure how to change the requests from HTTP to HTTPS. Could someone guide me on this matter?
[ERROR] Unresolveable build extension:
Pluginorg.apache.maven.wagon:wagon-ssh:2.1or one of its dependencies could not be resolved:
Failed to collect dependencies fororg.apache.maven.wagon:wagon-ssh:jar:2.1 ():
Failed to read artifact descriptor fororg.apache.maven.wagon:wagon-ssh:jar:2.1:
Could not transfer artifactorg.apache.maven.wagon:wagon-ssh:pom:2.1from/to central (http://repo.maven.apache.org/maven2):
Failed to transfer file: http://repo.maven.apache.org/maven2/org/apache/maven/wagon/wagon-ssh/2.1/wagon-ssh-2.1.pom.
Return code is:501, ReasonPhrase:HTTPS Required. -> [Help 2]Waiting for Jenkins to finish collecting
data[ERROR]
Pluginorg.apache.maven.plugins:maven-clean-plugin:2.4.1or one of its dependencies could not be resolved:
Failed to read artifact descriptor fororg.apache.maven.plugins:maven-clean-plugin:jar:2.4.1:
Could not transfer artifactorg.apache.maven.plugins:maven-clean-plugin:pom:2.4.1from/to central (http://repo.maven.apache.org/maven2):
Failed to transfer file: http://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.4.1/maven-clean-plugin-2.4.1.pom.
Return code is:501 , ReasonPhrase:HTTPS Required. -> [Help 1]
The reason for the observed error is explained in Central 501 HTTPS Required
Effective January 15, 2020, The Central Repository no longer supports insecure communication over plain HTTP and requires that all requests to the repository are encrypted over HTTPS.
It looks like latest versions of Maven (tried with 3.6.0, 3.6.1) are already using the HTTPS URL by default.
Here are the dates when the major repositories will switch:
Update: Seems like from maven 3.2.3 maven central is accessed via HTTPS See https://stackoverflow.com/a/25411658/5820670
Maven Change log (http://maven.apache.org/docs/3.2.3/release-notes.html)
I am facing the same problem. There are two solutions that I tried, and both works fine for me.
- Update the Maven version repository (Maven version >= 3.2.3)
- Restrict the current Maven version to use HTTPS links.
Update the Maven version repository:
Download the Apache Maven binary that includes the default https addresses (Apache Maven 3.6.3 binary). And open the Options dialog window in tools of NetBeans menu bar (Java Maven Dialog View). And select browse option in Maven Home List Box (Maven Home List Box View). After adding the Apache Maven newly downloaded version (Updated Maven Home List Box View), the project builds and runs successfully.
Restrict the current Maven version to use HTTPS links:
Include the following code in pom.xml of your project.
<project> ... <pluginRepositories> <pluginRepository> <id>central</id> <name>Central Repository</name> <url>https://repo.maven.apache.org/maven2</url> <layout>default</layout> <snapshots> <enabled>false</enabled> </snapshots> <releases> <updatePolicy>never</updatePolicy> </releases> </pluginRepository> </pluginRepositories> <repositories> <repository> <id>central</id> <name>Central Repository</name> <url>https://repo.maven.apache.org/maven2</url> <layout>default</layout> <snapshots> <enabled>false</enabled> </snapshots> </repository> </repositories> </project> 
Effective January 15, 2020, The Central Repository no longer supports insecure communication over plain HTTP and requires that all requests to the repository are encrypted over HTTPS.
If you’re receiving this error, then you need to replace all URL references to Maven Central with their canonical HTTPS counterparts.
(source)
We have made the following changes in my project’s build.gradle:
Old:
repositories { maven { url "http://repo.maven.apache.org/maven2" } } New:
repositories { maven { url "https://repo.maven.apache.org/maven2" } } 
Try to hit the below URL in any browser. It will return 501
http://repo.maven.apache.org/maven2/org/apache/maven/wagon/wagon-ssh/2.1/wagon-ssh-2.1.pom
Please try with https. It will download a pom.xml file:
https://repo.maven.apache.org/maven2/org/apache/maven/wagon/wagon-ssh/2.1/wagon-ssh-2.1.pom
Please add it (https://repo.maven.apache.org/maven2) in the setting.xml file:
<repositories> <repository> <id>Central Maven repository</id> <name>Central Maven repository https</name> <url>https://repo.maven.apache.org/maven2</url> </repository> </repositories> 
Update the central repository of Maven and use https instead of http.
<repositories> <repository> <id>central</id> <name>Central Repository</name> <url>https://repo.maven.apache.org/maven2</url> <layout>default</layout> <snapshots> <enabled>false</enabled> </snapshots> </repository> </repositories> 
I was using a clean install of Maven/Java on a Docker container.
For me, I had to cd $M2_HOME/conf and edit the settings.xml file there. Add the following block inside <mirrors>...</mirrors>
<mirror> <id>central-secure</id> <url>https://repo.maven.apache.org/maven2</url> <mirrorOf>central</mirrorOf> </mirror> 
I was using an outdated version of Maven (3.0.3 and 3.1). These older versions no longer supports http repositories (as mentioned above). Upgrading to Maven 3.6 was the fix for me.
Maven is moving to HTTPS and disabling HTTP access
Short story, from January 15, 2020, Maven Central repository is not longer supporting HTTP connections (other repositories are doing the same). Therefore, you will indicate your Maven/Gradle settings to use an HTTPS URL.
Solution:
You can choose one of the following three approaches.
-
Add a repository in your project´s
pom.xmlfile<project> ... <repositories> <repository> <id>central maven repo</id> <name>central maven repo https</name> <url>https://repo.maven.apache.org/maven2</url> </repository> </repositories> </project> -
Add the repository into a profile in the
settings.xmlfile.<profile> <id>my profile</id> <repositories> <repository> <id>central maven repo</id> <name>central maven repo https</name> <url>https://repo.maven.apache.org/maven2</url> </repository> </repositories> </profile> - Update you maven version to a new one that uses https values as default. The lastest one at this moment 3.6.3 Download here
For Gradle:
Only replace the URL for the HTTPS version.
repositories { maven { url "https://repo.maven.apache.org/maven2" } } 
I was added following code segment to setting.xml and it was resolved the issue,
<mirrors> <mirror> <id>maven-mirror</id> <name>Maven Mirror</name> <url>https://repo.maven.apache.org/maven2</url> <mirrorOf>central</mirrorOf> </mirror> </mirrors> 
As stated in other answers, https is now required to make requests to Maven Central, while older versions of Maven use http.
If you don’t want to/cannot upgrade to Maven 3.2.3+, you can do a workaround by adding the following code into your MAVEN_HOME\conf\settings.xml into the <profiles> section:
<profile> <id>maven-https</id> <activation> <activeByDefault>true</activeByDefault> </activation> <repositories> <repository> <id>central</id> <url>https://repo1.maven.org/maven2</url> <snapshots> <enabled>false</enabled> </snapshots> </repository> </repositories> <pluginRepositories> <pluginRepository> <id>central</id> <url>https://repo1.maven.org/maven2</url> <snapshots> <enabled>false</enabled> </snapshots> </pluginRepository> </pluginRepositories> </profile> This will be always an active setting unless you disable/override it in your POM when needed.
