Maven dependencies are failing with a 501 error
Recently Maven build jobs running in Jenkins are failing with the below exception saying that they couldn’t pull dependencies from Maven Central and should use HTTPS. I’m not sure how to change the requests from HTTP to HTTPS. Could someone guide me on this matter?
[ERROR] Unresolveable build extension:
Pluginorg.apache.maven.wagon:wagon-ssh:2.1or one of its dependencies could not be resolved:
Failed to collect dependencies fororg.apache.maven.wagon:wagon-ssh:jar:2.1 ():
Failed to read artifact descriptor fororg.apache.maven.wagon:wagon-ssh:jar:2.1:
Could not transfer artifactorg.apache.maven.wagon:wagon-ssh:pom:2.1from/to central (http://repo.maven.apache.org/maven2):
Failed to transfer file: http://repo.maven.apache.org/maven2/org/apache/maven/wagon/wagon-ssh/2.1/wagon-ssh-2.1.pom.
Return code is:501, ReasonPhrase:HTTPS Required. -> [Help 2]Waiting for Jenkins to finish collecting
data[ERROR]
Pluginorg.apache.maven.plugins:maven-clean-plugin:2.4.1or one of its dependencies could not be resolved:
Failed to read artifact descriptor fororg.apache.maven.plugins:maven-clean-plugin:jar:2.4.1:
Could not transfer artifactorg.apache.maven.plugins:maven-clean-plugin:pom:2.4.1from/to central (http://repo.maven.apache.org/maven2):
Failed to transfer file: http://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-clean-plugin/2.4.1/maven-clean-plugin-2.4.1.pom.
Return code is:501 , ReasonPhrase:HTTPS Required. -> [Help 1]
I have the same issue, but I use GitLab instead of Jenkins. The steps I had to do to get over the issue:
- My project is in GitLab so it uses the .yml file which points to a Docker image I have to do continuous integration, and the image it uses has the http://maven URLs. So I changed that to https://maven.
- That same Dockerfile image had an older version of Maven 3.0.1 that gave me issues just overnight. I updated the Dockerfile to get the latest version 3.6.3
- I then deployed that image to my online repository, and updated my Maven project ymlfile to use that new image.
- And lastly, I updated my main projects POM file to reference https://maven… instead of http://maven
I realize that is more specific to my setup. But without doing all of the steps above I would still continue to get this error message Return code is: 501 , ReasonPhrase:HTTPS Required
For all the corporate coders, ideally, if you get this error, it means that your code base is still being built from open-source community. You need to over ride the “central” repository with your in house company Maven repository manager.
You can go to your settings.xml and override your central repository URL from http:// to https://
<M2_HOME>/conf/settings.xml Find the mirrors sections and add the following entry:
<mirror> <id>other-mirror</id> <name>Other Mirror Repository</name> <url>https://other-mirror.repo.other-company.com/maven2</url> <mirrorOf>central</mirrorOf> </mirror> In the URL section, if you were using either http://repo1.maven.org/maven2/ or http://repo.maven.apache.org/maven2/ then
Replace http://repo1.maven.org/maven2/ with https://repo1.maven.org/maven2/
Replace http://repo.maven.apache.org/maven2/ with https://repo.maven.apache.org/maven2/
You need to ideally use your company source control management/repository URL over here. As this will block any contact with open source Maven repository community.
As mentioned in other answers, effective from 15 January 2020, the central Maven repository doesn’t support insecure communication over plain HTTP.
For me (corporate coder) also adding a mirror repository in the settings.xml fixed the issue. I am also using Maven inside a docker container.
<mirrors> <mirror> <id>https-mirror</id> <name>Https Mirror Repository</name> <url>https://repo1.maven.org/maven2</url> <mirrorOf>central</mirrorOf> </mirror> </mirrors> 
Using Ubuntu 16.04, java 1.8.0_201.
I un-installed old maven and installed Maven 3.6.3, still got this error that Maven dependencies are failing with a 501 error.
Realized it could be a truststore/keystore issue associated with requiring https. Found that you can now configure -Djavax options using a jvm.config file, see: https://maven.apache.org/configure.html.
As I am also using Tomcat I copied the keystore & truststore config from Tomcat (setenv.sh) to my jvm.config and then it worked!
There is also an option to pass the this config in ‘export MAVEN_OPTS’ (when using mvn generate) but although this stopped the 501 error it created another: it expected a pom file.
Creating a separate jvm.config file works perfectly, just put it in the root of your project.
Hopefully this helps someone, took me all day to figure it out!
Same issue is also occuring for jcenter.
From 13 Jan 2020 onwards, Jcenter is only available at HTTPS.
Projects getting their dependencies using the same will start facing issues. For quick fixes do the following in your build.gradle
instead of
repositories { jcenter () //others } use this:
repositories { jcenter { url "http://jcenter.bintray.com/"} //others } 
The error:
Failed to transfer file: http://repo.maven.apache.org/maven2/org/apache/maven/wagon/wagon-ssh/2.1/wagon-ssh-2.1.pom.
Return code is: 501 , ReasonPhrase:HTTPS Required.
Root cause analysis:
Maven central is expecting that the clients use https, but the client is making plain HTTP request only.
Therefore, the request for downloading the package named ‘wagon-ssh-2.1.pom’ had failed.
How to fix the problem?
Replace the URL “http://repo.maven.apache.org/maven2“
with “https://repo.maven.apache.org/maven2”
in pom.xml file or build.gradle file of the project.
Sharing this in case anyone needs it:
Old Gradle config( without Gitlab , Docker deployments , for simple projects)
repositories { google() jcenter() maven { url "http://dl.bintray.com/davideas/maven" } maven { url 'https://plugins.gradle.org/m2/' } maven { url 'http://repo1.maven.org/maven2' } maven { url 'http://jcenter.bintray.com' } } New config :
repositories { google() jcenter() maven { url "https://dl.bintray.com/davideas/maven" } maven { url 'https://plugins.gradle.org/m2/' } maven { url 'https://repo1.maven.org/maven2' } maven { url 'https://jcenter.bintray.com' } } Notice the https. Happy coding 🙂
My current environment does not support HTTPS, so adding the insecure version of the repo solved my problem: http://insecure.repo1.maven.org as per Sonatype
<repositories> <repository> <id>Central Maven repository</id> <name>Central Maven repository insecure</name> <url>http://insecure.repo1.maven.org</url> </repository> </repositories> 
Originally from https://stackoverflow.com/a/59796324/32453 though this might be useful:
Beware that your parent pom can (re) define repositories as well, and if it has overridden central and specified http for whatever reason, you’ll need to fix that (so places to fix: ~/.m2/settings.xml AND also parent poms).
If you can’t fix it in parent pom, you can override parent pom’s repo’s, like this, in your child pom (extracted from the 3.6.3 default super pom, seems they changed the name from repo1 as well):
<repositories> <repository> <id>central</id> <name>Central Repository</name> <url>https://repo.maven.apache.org/maven2</url> <!-- the https you've been looking for --> <layout>default</layout> <snapshots> <enabled>false</enabled> <!-- or set to true if desired, default is false --> </snapshots> </repository> </repositories> 
Add this in pom.xml file. It works fine for me
<pluginRepositories> <pluginRepository> <id>central</id> <name>Central Repository</name> <url>https://repo.maven.apache.org/maven2</url> <layout>default</layout> <snapshots> <enabled>false</enabled> </snapshots> <releases> <updatePolicy>never</updatePolicy> </releases> </pluginRepository> </pluginRepositories> <repositories> <repository> <id>central</id> <name>Central Repository</name> <url>https://repo.maven.apache.org/maven2</url> <layout>default</layout> <snapshots> <enabled>false</enabled> </snapshots> </repository> </repositories> 
