After configuring Nexus 3 to directly serve SSL the following exception may be seen in the sonatype-work/nexus3/log/nexus.log:
2020-08-12 16:20:54,450-0400 ERROR [jetty-main-1] *SYSTEM org.sonatype.nexus.bootstrap.jetty.JettyServer - Failed to start
java.security.UnrecoverableKeyException: Cannot recover key
This error indicates that the key cannot be retrieved from the keystore and is usually caused by an invalid password.
To correct this error, edit the $install/etc/jetty/jetty-https.xml file to use the correct value for the keystore passwords.
Make sure all three passwords are the same value. This is required.
More information on how to configure Nexus to directly serve SSL is available here:
https://help.sonatype.com/en/configuring-ssl.html#serving-ssl-directly