Support

Site Restoration

#23868 Kickstart - Amazon S3 SSL certificate problem

Posted in ‘Site restoration’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

PHP version
n/a
CMS Type
Other
CMS Version
n/a
Backup Tool Version
n/a
Kickstart version
n/a

Latest post by on Sunday, 17 January 2016 17:20 CST

Wednesday, 09 December 2015 03:51 CST

oorzaak
 Hi,

When trying to restore a backup from Amazon S3, I get this error message:

S3::listBuckets(): [60] SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

I do restore backups from S3 on a regular basis - for development purposes. This is this first time that I get this error.


Kind regards, Frits

Wednesday, 09 December 2015 10:22 CST

tampe125
Hello Frits,

could you please uncheck the option "Use SSL"?
You are using an old version of Joomla that has an expired certificate, thus the error.

Davide Tampellini

Developer and Support Staff

๐Ÿ‡ฎ๐Ÿ‡นItalian: native ๐Ÿ‡ฌ๐Ÿ‡งEnglish: good โ€ข ๐Ÿ• My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 09 December 2015 10:56 CST

oorzaak
Hi Davide,

Thanks for your reply. The only panel where I could find the option "Use SSL" is in the configuration of the Upload to Amazon S3 profile, which means that this setting is effective when creating a backup. However, this option is not enabled. Maybe there is an other option of the same name? If not, then this seems not to be the solution.


Kind regards, Frits

Thursday, 10 December 2015 05:31 CST

tampe125
Just to be sure, are you using the built-in restoration method or Kickstart?

Davide Tampellini

Developer and Support Staff

๐Ÿ‡ฎ๐Ÿ‡นItalian: native ๐Ÿ‡ฌ๐Ÿ‡งEnglish: good โ€ข ๐Ÿ• My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 10 December 2015 07:52 CST

oorzaak
As far as I know, I'm using Kickstart: I renamed the kickstart.php script, I uploaded script and the language file to the server and I started the kickstart script. Then I selected "Import from Amazon S3", entered my S3 details and clicked Connect to Amazon.

Frits


Edit: hey, after typing the above, I accidentally clicked Connect to Amazon without entering my S3 details and I got exactly the same error message! This is strange as it would suggest that I entered wrong details during my earlier attempts. However I'm quite sure that I used the same details when uploading to S3 and I can see that new backups are written to S3 correctly. But this may be a clue as to how to solve this?
Edited by oorzaak on 2015-12-10 07:55 CST

Thursday, 10 December 2015 08:43 CST

tampe125
Ok, so this means that your server cacert.pem is not updated.
You can contact your host, but the quickest solution is to manually upload Akeeba Backup cacert.pem file on the server, Kickstart will recognize it and use it, fixing your issue.
You can find such file inside Akeeba Backup:
administrator/components/com_akeeba/engine/cacert.pem

Davide Tampellini

Developer and Support Staff

๐Ÿ‡ฎ๐Ÿ‡นItalian: native ๐Ÿ‡ฌ๐Ÿ‡งEnglish: good โ€ข ๐Ÿ• My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 18 December 2015 04:29 CST

oorzaak
Hi Davide,

Your solution is working indeed: I uploaded the most recent cacert.pem to the same folder as the kickstart script (the root folder for the site that is to be restored). So thanks for that.

However, I tried restoring another site today and this resulted in the same error. Yet in this case the original site already has the most recent cacert.pem in its ../engine/ folder, as far as I can see.

I could solve this the same way as described above, but it puzzled me that I got the same error again in this situation.


Kind regards, Frits

Friday, 18 December 2015 04:49 CST

tampe125
If you have issues connecting using SSL, you have to manually upload the cacert.pem file along with Kickstart.
Akeeba Backup is not uploading it and we're not including it inside the default download package because that would double the size of the archive.
You have to manually do that.

Davide Tampellini

Developer and Support Staff

๐Ÿ‡ฎ๐Ÿ‡นItalian: native ๐Ÿ‡ฌ๐Ÿ‡งEnglish: good โ€ข ๐Ÿ• My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 18 December 2015 05:16 CST

oorzaak
Ok, thanks, I'll do that in the future.

Kind regards, Frits

Friday, 18 December 2015 05:26 CST

tampe125
You're welcome!

Davide Tampellini

Developer and Support Staff

๐Ÿ‡ฎ๐Ÿ‡นItalian: native ๐Ÿ‡ฌ๐Ÿ‡งEnglish: good โ€ข ๐Ÿ• My time zone is Europe / Rome (UTC +1)
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Sunday, 17 January 2016 17:20 CST

System Task
system
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.
Edited by on 2016-01-17 17:20 CST

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!