Connection Error - S3 Bug Endpoint?

Hey,
I’m unfortunately not able to load the Data from Scaleway. Maybe Bug path with Wildcard? Thanks

expecting *.cloud
get *. cloud.

Message

Host: kallados.com-backup.s3.nl-ams.scw.cloud. is not in the cert’s altnames: DNS:.s3-website.nl-ams.scw.cloud, DNS:.s3.nl-ams.scw.cloud, DNS:s3-website.nl-ams.scw.cloud, DNS:s3.nl-ams.scw.cloud

Error

ERR_TLS_CERT_ALTNAME_INVALID

{"message":"Hostname/IP does not match certificate's altnames: Host: kallados.com-backup.s3.nl-ams.scw.cloud. is not in the cert's altnames: DNS:*.s3-website.nl-ams.scw.cloud, DNS:*.s3.nl-ams.scw.cloud, DNS:s3-website.nl-ams.scw.cloud, DNS:s3.nl-ams.scw.cloud","name":"Error","stack":"Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: Host: kallados.com-backup.s3.nl-ams.scw.cloud. is not in the cert's altnames: DNS:*.s3-website.nl-ams.scw.cloud, DNS:*.s3.nl-ams.scw.cloud, DNS:s3-website.nl-ams.scw.cloud, DNS:s3.nl-ams.scw.cloud\n at Object.checkServerIdentity (tls.js:297:12)\n at TLSSocket.onConnectSecure (_tls_wrap.js:1517:27)\n at TLSSocket.emit (events.js:376:20)\n at TLSSocket._finishInit (_tls_wrap.js:932:8)\n at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:706:12)","code":"ERR_TLS_CERT_ALTNAME_INVALID"}

Scenario

{
  "nodes": [
    {
      "parameters": {},
      "name": "Start",
      "type": "n8n-nodes-base.start",
      "typeVersion": 1,
      "position": [
        240,
        300
      ]
    },
    {
      "parameters": {
        "resource": "bucket",
        "operation": "getAll",
        "returnAll": true
      },
      "name": "S3",
      "type": "n8n-nodes-base.s3",
      "typeVersion": 1,
      "position": [
        460,
        300
      ],
      "credentials": {
        "s3": {
          "id": "33",
          "name": "Scaleway"
        }
      }
    }
  ],
  "connections": {
    "Start": {
      "main": [
        [
          {
            "node": "S3",
            "type": "main",
            "index": 0
          }
        ]
      ]
    }
  }
}
  • Scaleway Bucket: public
  • n8n version: 0.155.2
  • Running n8n with the execution process: default
  • Running n8n via Docker, Cloudron 7.0.4

Hey @kallados,

The error coming back is saying the issue is with the SSL certificate.

Looking at the returned alt names *.com-backup.s3.nl-ams.scw.cloud is not in there so you would need to create a new certificate for that / add it to the alt names.

Wildcard certificates only do one level so a cert for *.n8n.io wouldn’t work for *.test.n8n.io.

Hey, this is Wildcard Cert from Scaleway. I have another one Bucket and there is working everything as well.

*.com-backup.s3.nl-ams.scw.cloud

and bucket is

kallados.com-backup.s3.nl-ams.scw.cloud - dont’ work

zalando.space.s3.fr-par.scw.cloud - everything fine
zalando.space.s3.nl-ams.scw.cloud - everything fine

Each one contains point, but it’s not handled like a subdomain. Issue with Wildcard would be creating the same error with zalando.space.s3* right? It would be nice, just to be certain, that the Issue is not the point at the End of the Request.

I’ve just created bucket with test.test.test name and get the same issue. The Address on N8N is generated with the point at the end.

Hey @kallados,

The point at the end shouldn’t matter and should just be part of the error message.

If you look at the error and the list of domains in the certificate you are using a sub domain that has no entry in the cert file. As far as I know you can’t have a . in an fqdn without it being treated as a sub domain.

Do the Zalando URLs work in n8n? I would say if they are working then it seems unlikely that it would be a code level issue as the same logic would apply with adding the .

I can take a proper look in a few hours to see how the certs look.

As a quick test from my phone I have tried to open https://kallados.com-backup.s3.nl-ams.scw.cloud and I get a certificate issue as well.

The SSL Labs test tool is also showing the same issue: SSL Server Test: kallados.com-backup.s3.nl-ams.scw.cloud (Powered by Qualys SSL Labs)

yeah Zalando Link working :thinking:

It would be worth checking that certificate I am about 90% sure that is your issue as other things are also flagging the cert as being invalid.