This is definitely one for you @patrick…
I am doing an S3 Getfile and getting the following error:
Error executing \\\"GetObject\\\" on \\\"https://s3.eu-west-2.amazonaws.com/files.workshop-angel.com/30_2310b3944019959d_conscious_marketing.jpg\\\"; AWS HTTP error: cURL error 60: SSL certificate problem: unable to get local issuer certificate (see https://curl.haxx.se/libcurl/c/libcurl-errors.html)
If you click on the link it is referring to, you can see the file in your browser okay, so the SSL certificate seems to be working.
The S3 bucket is with AWS. I have contacted their tech support, and they believe the issue is something to do with the way that curl is being called… @patrick, can you help me solve this one please?
I’ve put their reply below.
Note that I am using Wappler 3.9.7.
Best wishes,
Antony.
PS - in terms of their reply, I seem to be accessing the file via the S3 domain…
= = = = = = = = = = = = = = = = = = = = = =
Hello,
Thank you for contacting AWS Premium Support regarding your S3 issue. My name is Emil, I am the Support Engineer working on your case.
From the case details, I understand that you would like to know why you are not able to use the curl command to access the object “30_2310b3944019959d_conscious_marketing.jpg”, feel free to correct me if I misunderstood something.
After my investigation, I can confirm that the object is accessible both, while retrieving through CloudFront and while retrieving through the S3 domain.
If the object is retrieved through the S3 domain with curl the official AWS S3 certificate is served. Here is the curl command for that:
If the object is retrieved through CloudFront you can use the AWS CloudFront domain or your custom domain. Here is the curl command for that:
curl https://d1ni5eragzrosb.cloudfront.net/30_2310b3944019959d_conscious_marketing.jpg -v
or
curl https://files.workshop-angel.com/30_2310b3944019959d_conscious_marketing.jpg -v
The reason you are observing the error you are describing is because your curl command is not able to verify the authenticity of the SSL certificates provided. After looking further into the issue it seems that you do not have the needed root certificates on your machine and/or curl is not able to access them.
To confirm that this is the issue you can simply use the “-k” option in curl to allow an insecure connetion. For example:
curl https://d1ni5eragzrosb.cloudfront.net/30_2310b3944019959d_conscious_marketing.jpg -v -k
If this request is successful you need to provide curl with the needed SSL root certificates so that it can verify the authenticity of your domains (or any domain in general).
To do that I would suggest you to follow the steps described here on stack overflow (third party link) in the first reply. [1]
In the end this should be the command you can run after you download the root certificates:
curl https://d1ni5eragzrosb.cloudfront.net/30_2310b3944019959d_conscious_marketing.jpg -v --cacert /path/to/cacert.pem (path to the file you have downloaded)
After that you should be able to confirm that there are no longer any errors. To fix the issue permanently you would need to investigate where the root certificate should be located on your operating system and add it there.
If you have any other questions or issues regarding S3 please let me know and I will be happy to assist you with that.
Thank you and have a great day.
References:
[1] StackOverflow: https://stackoverflow.com/questions/24611640/curl-60-ssl-certificate-problem-unable-to-get-local-issuer-certificate
We value your feedback. Please share your experience by rating this and other correspondences in the AWS Support Center. You can rate a correspondence by selecting the stars in the top right corner of the correspondence.
Best regards,
Emil A.
Amazon Web Services
Last updated: