S3 Upload backup failed: "certificate verify failed"

Hello everyone.

We have an S3 bucket that has dot “.” as part of its name, like: my.bucket. Upload to S3 backup fails because S3 wildcard certificate does not cover the domain that is constructed for this bucket. I can’t also browser this bucket from Virtualmin. The exact message from backup log is:

File does not exist: Can’t connect to my.bucket.with.dot.s3.amazonaws.com:443 (certificate verify failed)

LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 51.
at S3/ListBucketResponse.pm line 26

Similar message appears when I try to browse the bucket from Virtualmin. I was looking for a setting where I can disable certificate verification but I could not find anything. There seems to be no simple fix for it:
a) *.s3.amazonaws.com wildcard certificate covers “1st level subdomains” only so buckets with dot in their name are not covered
b) the wildcard certificate itself is trusted so it’s not the matter of untrusted certificate
c) S3 does not allow to upload custom certificate

Any help (other than changing bucket name of course) would be highly appreciated.

Thank you.
Leszek

Howdy,

Unfortunately, I think changing the bucket name would be your only real option.

You may be able to edit the S3 upload code within Virtualmin itself to allow connections to invalid SSL certificates, but that would get overwritten each time Virtualmin is upgraded.

-Eric

Hi Eric,

Ok, I’m not going to change the code for the reasons you mentioned. I guess we will just need to change our naming convetion.
On the other hand I believe it might be something worth including in Virtualmin as a configuration option for the future.
Anyway, thank you.

Leszek

same issue here, but with my own s3 compatible storage.
the cert is issued for *.mydomain.ch
the s3 storage is reachable under:
bucketname.s3.mydomain.ch
or
s3.mydomain.ch/bucketname

what can i do?

same problem here with me…

seems to be a major issue…

any advice ???