On 08.10.2018 14:37, Eric Christensen wrote: > New question #674847 on Duplicity: > https://answers.launchpad.net/duplicity/+question/674847 > > I'm trying to use a S3 bucket I created in the Ohio region for my off-site > backup storage. When connecting to the server, however, I get the following > error: > > CertificateError: hostname 's3-us-east-2.amazonaws.com.s3.amazonaws.com' > doesn't match either of '*.s3.amazonaws.com', 's3.amazonaws.com' > > (That is the address to the Ohio S3 endpoint[0], by the way.) > > My first thought was that Amazon was somehow using a bad wildcard certificate > at the endpoint which was causing the problem. Upon further investigation, > it appears that the certificate used is proper[1]. Does Duplicity use a > stored certificate for verifying the connection? Why would this error being > happening? > > [0] https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region > [1] https://www.ssllabs.com/ssltest/analyze.html?d=s3.us-east-2.amazonaws.com >
hey Eric, afaik and according to https://en.wikipedia.org/wiki/Wildcard_certificate " Limitations Only a single level of subdomain matching is supported in accordance with RFC 2818.[7] " so the error is valid. where does 's3-us-east-2.amazonaws.com.s3.amazonaws.com' come from? see https://www.ssllabs.com/ssltest/analyze.html?d=s3-us-east-2.amazonaws.com.s3.amazonaws.com also note from your info above s3-us-east-2.amazonaws.com.s3.amazonaws.com is not the same as s3.us-east-2.amazonaws.com the aws docs above seem to say s3.us-east-2.amazonaws.com s3-us-east-2.amazonaws.com (prefixed 's3.' or 's3-') are valid [0] . what is you command line (especially the target url)? ..ede/duply.net _______________________________________________ Mailing list: https://launchpad.net/~duplicity-team Post to : [email protected] Unsubscribe : https://launchpad.net/~duplicity-team More help : https://help.launchpad.net/ListHelp
