S3-php5-curl on AWS EC2 instance - requested domain name does not match the server's certificate

10,077

Solution 1

Try using AWS SDK for PHP 1.5.5 and make sure that you specify your region and set path_style to true. For me I'm in Singapore so my code will be:

 $s3 = new AmazonS3();
 $s3->set_region(AmazonS3::REGION_APAC_SE1);
 $s3->path_style = true;

This seems to work for me.

Hope it helps!

Cheers, Ardy

Solution 2

You can always instruct CURL not to check for a valid SSL certificate by editing s3-php5-curl/S3.php changing lines 1298-1299 to:

curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);

This is necessary for buckets that are of x.z.s3.amazonaws.com type; as pointed out by datasage in the comments above, the wildcard SSL cert of *.s3.amazonaws.com does not cover those.

Solution 3

Unable to communicate securely with peer: requested domain name does not match the server's certificate.

This error occurs when CURL tries to verify the certificate. While you can disable this setting with curl options, why the certificate name mismatch exists.

It looks like the library you have is somewhat dated; you may want to consider using this: http://aws.amazon.com/sdkforphp/

Author by

chrislewisdev

Updated on June 11, 2022

Comments

  • chrislewisdev almost 2 years

    I am using s3-php5-curl to access my AWS S3 bucket.

    The getBucket() function works fine and retrieves a result when I host the PHP app myself, but when I put the exact same code into an AWS EC2 instance (default AMI - Linux, Apache, PHP), I get the following error:

    Warning: S3::getBucket(): [51] Unable to communicate securely with peer: requested domain name does not match the server's certificate. In /var/www/html/s3-php5-curl/S3.php on line 136
    Warning: Invalid argument supplied for foreach() in /var/www/html/index.php on line 15

    I can't make sense of it. What does it mean and how can I resolve it?

    EDIT: I did mark this as answered but I was wrong. I have linked to what the underlying problem seems to be irrespective of whether you use the Amazon SDK or the php5-curl library. There seems to be a general problem affecting EC2 users in some regions who try to programmatically access their S3 buckets relating to SSL certification where the bucket name includes a full-stop (aka period). It has been documented but lies unresolved here.

  • chrislewisdev about 11 years
    Funnily enough I was just setting this up when I saw your answer. To confirm - yes it works perfectly with the sdk for php. Thank you.
  • chrislewisdev about 11 years
    Sorry I had to untick this as the answer. What worked was the listbuckets function but everything else I now try on the SDK fails. The problem seems to be the same underlying issue as I mentioned above and is documented but unresolved in AWS forums here. Setting path style to true apparently doesn't work in all versions and I have tried that too (based in UK) to no avail. Any help appreciated.
  • datasage about 11 years
    I suspect I know what is happening. Amazon S3 has a wildcard cert with the path *.s3.amazonaws.com. Buckets are accessed via name.s3.amazonaws.com. If you add another dot to the name, the wildcard cert will no longer verify, because it will only validate at one level. Your only option in this case may be to disable host verification. Let me look at the SDK to see how that is done.
  • chrislewisdev about 11 years
    Yes, they mention that in the AWS forum (In the PHP SDK, in requestcore.class.php, on line 601 (in the 1.3.1 release, anyway), try changing the value of CURLOPT_SSL_VERIFYHOST to false.) Whilst I could do this, it isn't recommended, so I am hoping someone might have another solution.
  • datasage about 11 years
    Based on how SSL works I don't think there is any other option. The main reason for this option is to prevent man-in-the-middle attacks, but if you are connecting from an EC2 instance to an S3 endpoint in the same region, I think you have bigger problems if someone manages to pull off a man-in-the-middle attack.
  • chrislewisdev about 11 years
    Perfect! This now works! It seems to be a region thing. To confirm, having set the region to EU_WEST I can now access my bucket from EC2 using SSL with verifyhost still enabled. Thank you so much that's sorted my problem for me.
  • Anton Babenko about 11 years
    This didn't work for me until I added $s3->ssl_verification = false; (AWS v1.5.10)
  • e40 almost 11 years
    And, it happens when using the -b argument to ec2-upload-bundle. I had to remove the . from my bucket name.
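
The one-level wildcard behaviour datasage describes, and why the path-style addressing from Solution 1 avoids the mismatch without turning verification off, shown as an added example (not part of the original thread, the s3-php5-curl library or the AWS SDK). The function names, the sample bucket names and the list of certificate names are assumptions constructed for illustration; the matching is a simplified version of what a TLS client does, and region-specific endpoints are not modelled.

```php
<?php
// Simplified certificate-name check: "*" is honoured only as the whole
// left-most label and stands for exactly one label, so it never spans a dot.
function certNameMatches(string $pattern, string $host): bool
{
    $p = explode('.', strtolower($pattern));
    $h = explode('.', strtolower($host));
    if (count($p) !== count($h)) {
        return false;                       // different number of labels
    }
    if ($p[0] === '*') {
        // Wildcard: the first host label may be anything non-empty,
        // every remaining label must match exactly.
        return $h[0] !== '' && array_slice($p, 1) === array_slice($h, 1);
    }
    return $p === $h;                       // exact name
}

function hostCoveredBy(array $certNames, string $host): bool
{
    foreach ($certNames as $name) {
        if (certNameMatches($name, $host)) {
            return true;
        }
    }
    return false;
}

// Hypothetical helper: virtual-hosted style puts the bucket in the host name,
// path style keeps it in the URL path. Dotted buckets get path style.
function s3Url(string $bucket, string $endpoint = 's3.amazonaws.com'): string
{
    return strpos($bucket, '.') === false
        ? "https://{$bucket}.{$endpoint}/"
        : "https://{$endpoint}/{$bucket}/";
}

// Constructed sample: names assumed to be present on the endpoint certificate.
$certNames = ['*.s3.amazonaws.com', 's3.amazonaws.com'];

foreach (['mybucket', 'my.bucket.example'] as $bucket) {
    $virtualHost = "{$bucket}.s3.amazonaws.com";
    $chosenHost  = parse_url(s3Url($bucket), PHP_URL_HOST);
    foreach ([$virtualHost, $chosenHost] as $host) {
        $ok = hostCoveredBy($certNames, $host) ? 'verifies' : 'NAME MISMATCH';
        printf("%-20s %-40s %s\n", $bucket, $host, $ok);
    }
}
```

With CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER left enabled, only the virtual-hosted form of the dotted bucket fails this check; the path-style URL for the same bucket keeps the bucket name out of the host name that the certificate has to cover.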