N2WS 3.x - Backup may fail with "could not get object from aws. Reason: SSL validation for <Host> [SSL: CERTIFICATE_VERIFY_FAILED]"
Issue:
Running backups may fail with the following error:
ERROR: run_snapshots(agent.py:1796) (instance: i-1234567) could not get object from aws. Reason: SSL validation failed for https://ec2.us-east-1.amazonaws.com/ [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661) (UnknownError)
Solution:
This issue usually occurs because a firewall, gateway or proxy is interrupting or replacing the certificate for the API calls. For example, we have seen in the past that something blocks the connection because it can't validate an SSL cert at s3.amazonaws.com (for example with FortiGate). You need to whitelist amazonaws.com or *.amazonaws.com, or however the product you're using requires.
You can test whether a firewall is causing the issue by connecting to the N2WS instance (user is cpmuser) and running these commands:
- curl -v https://ec2.us-east-1.amazonaws.com (you need to replace "ec2" with the endpoint in your error message, and "us-east-1" with the region in your error message)
- aws ec2 describe-snapshots --owner-ids self
If any of the commands fails with the same SSL issue, then the problem is in the network (firewall, proxy, etc.) and not with the N2WS server.
You need to allow CPM Server to connect to AWS Endpoints directly, or to stop using any functionality that requires injecting self-signed certificates on your firewall, gateway or proxy for CPM Server's IP.
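To identify which device is replacing the certificate, you can read the issuer of the certificate the instance actually receives. The script below is an added example, not part of N2WS; the function names and sample issuer lines are constructed for illustration, and it assumes AWS API endpoints present certificates issued by Amazon's own CAs (issuer organization "Amazon").

```shell
#!/bin/sh
# Added example (not N2WS code): show who issued the certificate that the
# instance receives for an AWS endpoint.

# Print the issuer line of the certificate presented by HOST on port 443.
# openssl s_client completes the handshake even when verification fails,
# so the issuer is visible in the case where curl and the aws CLI give up.
endpoint_issuer() {
    host=$1
    openssl s_client -connect "$host:443" -servername "$host" \
        </dev/null 2>/dev/null |
        openssl x509 -noout -issuer 2>/dev/null
}

# Classify an issuer line.
# Assumption: genuine AWS endpoint certificates carry the issuer
# organization "Amazon". Both OpenSSL output styles are handled:
#   issuer=C = US, O = Amazon, CN = ...      (newer)
#   issuer= /C=US/O=Amazon/CN=...            (older)
classify_issuer() {
    case $1 in
        "") echo "no-certificate" ;;   # connection blocked or reset
        *"O = Amazon,"*|*"O=Amazon/"*|*"O=Amazon,"*) echo "amazon" ;;
        *) echo "intercepted" ;;       # some other CA re-signed the traffic
    esac
}

# Fetch and classify in one step. Run this on the N2WS instance, e.g.:
#   check_endpoint ec2.us-east-1.amazonaws.com
check_endpoint() {
    issuer=$(endpoint_issuer "$1")
    printf '%s: %s (%s)\n' "$1" "$(classify_issuer "$issuer")" \
        "${issuer:-no certificate received}"
}

# Constructed sample issuer lines (not captured from a real system).
SAMPLE_DIRECT='issuer=C = US, O = Amazon, CN = Amazon RSA 2048 M01'
SAMPLE_INSPECTED='issuer=C = US, O = Example Corp, CN = Example Inspection CA'

# Offline demonstration on the constructed samples.
printf 'direct path:    %s\n' "$(classify_issuer "$SAMPLE_DIRECT")"
printf 'inspected path: %s\n' "$(classify_issuer "$SAMPLE_INSPECTED")"
```

An "intercepted" result prints the issuer name of the inspecting device's CA, which tells you which firewall, gateway or proxy needs the amazonaws.com exemption.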