On July 31, we published a deprecation notice for the usage non-secure URLs when registering webhooks in Jira Cloud.
Please see the full deprecation notice. Here’s a quick summary:
- Newly registered webhooks will require URLs that are secure (HTTPS)
- The server that receives the webhook events must have a valid SSL/TLS certificate issued from a globally recognized and trusted certificate authority (self-signed certificates are not acceptable).
- At this time, existing webhooks that use non-secure URLs will continue to receive event data; however, this may be subject to change in the future; therefore, it is recommended to migrate any operationally critical webhooks over to HTTPS.
We plan to remove support for accepting non-HTTPS URLs on newly registered webhooks by December 31, 2018. You can track the progress of this change by watching ticket ACJIRA-1559.