We are running nearly latest Jenkins (checked here https://www.jenkins.io/download/) for ourselves and there is one stupid error that seems to be connected with security and how the Jenkins is setup so maybe you will not fall for this stupid thing too and save some time looking around wondering WTF is happening.
TL;DR
Just setup Jenkins to force to use https like described in the end here : https://drtailor.medium.com/how-to-set-up-https-for-jenkins-with-a-self-signed-certificate-on-ubuntu-20-04-2813ef2df537
or you can tell your browser to use just use https automagically like this https://support.mozilla.org/en-US/kb/https-only-prefs
When this problem happens
- you are logged in and you want to trigger build and you have rights for that
- your Jenkins is by accident opened as http and not https (and still you are logged in)
- there was no other build triggered yet (so you see Build Now button)
- when you click the Build Now button there is note “Build scheduled”
- no visible error on the page
How my Build scheduled note looks like after which nothing happens (yes, just like if all would work but nope):
What is the problem
If you would open the dev tools you would see that this error happens https://www.theserverside.com/blog/Coffee-Talk-Java-News-Stories-and-Opinions/Fix-No-Valid-Crumb-Error-Jenkins-GitHub-WebHook-Included but the UI will not tell you that (unfortunately).
This might happen if you have still valid cookie or “somehow” managed to get valid cookie that is not issued with https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#secure property.
What would you see looking at requests to Jenkins when running over http:
What would you see looking at requests to Jenkins when running over https (yes, the old http cookie plus all the Secure ones):
How to fix this
It doesn’t matter how you managed to get a valid cookie without Secure property, you should delete it and reauthenticate. If you will delete all cookies (for your Jenkins machine URL) and get a new one by authenticating, then if you would deliberately switch to http you would not be logged in altogether since the new cookie with Secure prop would not be sent. In the end you are more secure now.
Alternatively as said in tldf switch Jenkins to just use https OR switch your browser to https only mode.
Hope you saved some time.