[GH-ISSUE #770] Server certificate error #440

Closed
opened 2026-03-04 01:45:35 +03:00 by kerem · 6 comments
Owner

Originally created by @yeniugo on GitHub (May 28, 2018).
Original GitHub issue: https://github.com/s3fs-fuse/s3fs-fuse/issues/770

Additional Information

The following information is very important in order to help us to help you. Omission of the following details may delay your support request or receive no attention at all.

Version of s3fs being used (s3fs --version)

Amazon Simple Storage Service File System V1.83(commit:6555e7e) with OpenSSL
Copyright (C) 2010 Randy Rizun rrizun@gmail.com
License GPL2: GNU GPL version 2 http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Version of fuse being used (pkg-config --modversion fuse)

2.9.2

System information (uname -r)

4.15.13-x86_64-linode106

Distro (cat /etc/issue)

\S
Kernel \r on an \m

s3fs command line used (if applicable)

s3fs mybucket /path/to/mountpoint -o passwd_file=~/.passwd-s3fs -o dbglevel=info -f -o curldbg

/etc/fstab entry (if applicable):

hide my bucket and path

/dev/sda         /                       ext4    defaults        1 1
/dev/sdb        swap                       swap    defaults        0 0
s3fs#mybucket mountpath fuse _netdev,allow_other 0 0

s3fs syslog messages (grep s3fs /var/log/syslog, or s3fs outputs)

if you execute s3fs with dbglevel, curldbg option, you can get detail debug messages

Details about issue

this is the debug message

* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* Server certificate:
*       subject: CN=*.s3.amazonaws.com,O=Amazon.com Inc.,L=Seattle,ST=Washington,C=US
*       start date: Sep 22 00:00:00 2017 GMT
*       expire date: Jan 03 12:00:00 2019 GMT
*       common name: *.s3.amazonaws.com
*       issuer: CN=DigiCert Baltimore CA-2 G2,OU=www.digicert.com,O=DigiCert Inc,C=US
* NSS error -12276 (SSL_ERROR_BAD_CERT_DOMAIN)
* Unable to communicate securely with peer: requested domain name does not match the server's certificate.
* Closing connection 0
[ERR] curl.cpp:RequestPerform(2200): ###curlCode: 51  msg: SSL peer certificate or SSH remote key was not OK
[ERR] curl.cpp:CheckBucket(3107): Check bucket failed, S3 response: 
[CRT] s3fs.cpp:s3fs_check_service(3787): unable to connect(host=https://s3.amazonaws.com) - result of checking service.
[ERR] s3fs.cpp:s3fs_exit_fuseloop(3369): Exiting FUSE event loop due to errors

[INF] s3fs.cpp:s3fs_destroy(3428): destroy

and i don't know what to do?
can i install it used wiki of install?because my server is centos 7.4,when i used it in ubuntu 18.04,is the same error,the error is that.

* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
*        server certificate verification OK
*        server certificate status verification SKIPPED
* SSL: certificate subject name (*.s3.amazonaws.com) does not match target host name 'entertainment.yeniugo.com.s3.amazonaws.com'
* stopped the pause stream!
* Closing connection 0
[ERR] curl.cpp:RequestPerform(2078): ###curlCode: 51  msg: SSL peer certificate or SSH remote key was not OK
[ERR] curl.cpp:CheckBucket(2953): Check bucket failed, S3 response: 
[CRT] s3fs.cpp:s3fs_check_service(3820): unable to connect(host=https://s3.amazonaws.com) - result of checking service.
[ERR] s3fs.cpp:s3fs_exit_fuseloop(3368): Exiting FUSE event loop due to errors

[INF] s3fs.cpp:s3fs_destroy(3441): destroy
[WAN] s3fs.cpp:s3fs_destroy(3445): Could not release curl library.

from the message,all is the certificate check error.and this is all.

Originally created by @yeniugo on GitHub (May 28, 2018). Original GitHub issue: https://github.com/s3fs-fuse/s3fs-fuse/issues/770 ### Additional Information _The following information is very important in order to help us to help you. Omission of the following details may delay your support request or receive no attention at all._ #### Version of s3fs being used (s3fs --version) Amazon Simple Storage Service File System V1.83(commit:6555e7e) with OpenSSL Copyright (C) 2010 Randy Rizun <rrizun@gmail.com> License GPL2: GNU GPL version 2 <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. #### Version of fuse being used (pkg-config --modversion fuse) 2.9.2 #### System information (uname -r) 4.15.13-x86_64-linode106 #### Distro (cat /etc/issue) \S Kernel \r on an \m #### s3fs command line used (if applicable) ``` s3fs mybucket /path/to/mountpoint -o passwd_file=~/.passwd-s3fs -o dbglevel=info -f -o curldbg ``` #### /etc/fstab entry (if applicable): # hide my bucket and path ``` /dev/sda / ext4 defaults 1 1 /dev/sdb swap swap defaults 0 0 s3fs#mybucket mountpath fuse _netdev,allow_other 0 0 ``` #### s3fs syslog messages (grep s3fs /var/log/syslog, or s3fs outputs) _if you execute s3fs with dbglevel, curldbg option, you can get detail debug messages_ ``` ``` ### Details about issue this is the debug message ``` * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * Server certificate: * subject: CN=*.s3.amazonaws.com,O=Amazon.com Inc.,L=Seattle,ST=Washington,C=US * start date: Sep 22 00:00:00 2017 GMT * expire date: Jan 03 12:00:00 2019 GMT * common name: *.s3.amazonaws.com * issuer: CN=DigiCert Baltimore CA-2 G2,OU=www.digicert.com,O=DigiCert Inc,C=US * NSS error -12276 (SSL_ERROR_BAD_CERT_DOMAIN) * Unable to communicate securely with peer: requested domain name does not match the server's certificate. * Closing connection 0 [ERR] curl.cpp:RequestPerform(2200): ###curlCode: 51 msg: SSL peer certificate or SSH remote key was not OK [ERR] curl.cpp:CheckBucket(3107): Check bucket failed, S3 response: [CRT] s3fs.cpp:s3fs_check_service(3787): unable to connect(host=https://s3.amazonaws.com) - result of checking service. [ERR] s3fs.cpp:s3fs_exit_fuseloop(3369): Exiting FUSE event loop due to errors [INF] s3fs.cpp:s3fs_destroy(3428): destroy ``` and i don't know what to do? can i install it used wiki of install?because my server is centos 7.4,when i used it in ubuntu 18.04,is the same error,the error is that. ``` * SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256 * server certificate verification OK * server certificate status verification SKIPPED * SSL: certificate subject name (*.s3.amazonaws.com) does not match target host name 'entertainment.yeniugo.com.s3.amazonaws.com' * stopped the pause stream! * Closing connection 0 [ERR] curl.cpp:RequestPerform(2078): ###curlCode: 51 msg: SSL peer certificate or SSH remote key was not OK [ERR] curl.cpp:CheckBucket(2953): Check bucket failed, S3 response: [CRT] s3fs.cpp:s3fs_check_service(3820): unable to connect(host=https://s3.amazonaws.com) - result of checking service. [ERR] s3fs.cpp:s3fs_exit_fuseloop(3368): Exiting FUSE event loop due to errors [INF] s3fs.cpp:s3fs_destroy(3441): destroy [WAN] s3fs.cpp:s3fs_destroy(3445): Could not release curl library. ``` from the message,all is the certificate check error.and this is all.
kerem closed this issue 2026-03-04 01:45:36 +03:00
Author
Owner

@yeniugo commented on GitHub (May 30, 2018):

i find the reason,python-backports-ssl_match_hostnameerror,i need to reinstall this

<!-- gh-comment-id:393053471 --> @yeniugo commented on GitHub (May 30, 2018): i find the reason,`python-backports-ssl_match_hostname`error,i need to reinstall this
Author
Owner

@yeniugo commented on GitHub (May 30, 2018):

when i update python-backports-ssl_match_hostname to the last,it only same question,and i dont know how to solve it

<!-- gh-comment-id:393193834 --> @yeniugo commented on GitHub (May 30, 2018): when i update `python-backports-ssl_match_hostname` to the last,it only same question,and i dont know how to solve it
Author
Owner

@yeniugo commented on GitHub (May 30, 2018):

i change the url to http://s3.amazonaws.com,and i works,and i need test more.

<!-- gh-comment-id:393224235 --> @yeniugo commented on GitHub (May 30, 2018): i change the url to `http://s3.amazonaws.com`,and i works,and i need test more.
Author
Owner

@mattzuba commented on GitHub (Jun 29, 2018):

It's likely because your bucket name contains a period.

<!-- gh-comment-id:401464737 --> @mattzuba commented on GitHub (Jun 29, 2018): It's likely because your bucket name contains a period.
Author
Owner

@larryboymi commented on GitHub (Aug 8, 2018):

Sorry if I've missed it, but what's the solution if your bucket name contains a period @mattzuba ?

edit:... nvm I saw use_path_request_style in the wiki.... thanks!

<!-- gh-comment-id:411409480 --> @larryboymi commented on GitHub (Aug 8, 2018): Sorry if I've missed it, but what's the solution if your bucket name contains a period @mattzuba ? edit:... nvm I saw `use_path_request_style` in the wiki.... thanks!
Author
Owner

@gaul commented on GitHub (Mar 17, 2019):

Closing based on suggestion by @mattzuba since this is likely cause by periods in the bucket name. Please reopen if symptoms persist.

<!-- gh-comment-id:473608261 --> @gaul commented on GitHub (Mar 17, 2019): Closing based on suggestion by @mattzuba since this is likely cause by periods in the bucket name. Please reopen if symptoms persist.
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/s3fs-fuse#440
No description provided.