Location of S3 backup settings

Plx · January 10, 2026, 8:58am

hello. I am try to S3 backups working to a non-aws S3 storage system, on two miab instances, at two locations. I have it working on one, but not the other. So, I am am trying see where the configuration settings, .conf or whatever, in the file system are located. Can anyone help? Thanks

KiekerJan · January 10, 2026, 3:41pm

You should be able to do it all from the admin panel. On the filesystem, I think all backup settings are stored in /home/user-data/backup/custom.yaml

Plx · January 10, 2026, 11:20pm

Hi. Thanks for that, much appreciated & was what I was looking for. The error messages in the Backup admin panel are not specific enough to troubleshoot issues. e.g., one just says “Enter an S3 bucket name.” even if there is one named. I was able to copy the config to the other machine, modify slightly & test. It didn’t work, but at least I know it was not the configuration that’s the problem. Iz

Richard5 · January 11, 2026, 5:20pm

Just to help as I got it working but the panel looks quite different then several version ago when I entered it. The yaml should look like:

target: s3://region.amazonaws.com/bucketname/
target_pass: secret key
target_user: access key

At least that is how my working config looks

replace region, bucketname and the rest with your settings.

Plx · January 12, 2026, 8:10am

Hi there. Thank you for your comment, that is how the yaml file was structured. Of the two systems I am working with, one is on a VPS, and is working ok, albeit with the duplicity error below. It only differs from the recommended install in that it is running on ARM, not x86. It’s been going fine. The other is self hosted at home, on x86 bare metal. The email side works fine, email flows & certs install. But the non-AWS S3 is causing problems. I can connect to my bucket with RClone, https etc but not MIAB. It could be any number of issues. I’m still experimenting - might get there eventually!
Errors, for example:

WARNING 1
. WARNING: Using boto3 >= 1,36.0 with non-amazon s3 services may result in checksum errors. a workaround is to set the following env vars
*. *
. export AWS_REQUEST_CHECKSUM_CALCULATION=when_required
. export AWS_RESPONSE_CHECKSUM_VALIDATION=when_required
*. *
. see boto3 1.36+ breaks Duplicity...but there is a workaround (#870) · Issues · duplicity / duplicity · GitLab for details.

Attempt of list Nr. 1 failed. SSLError: SSL validation failed for https://object-storage.nz-por-1.catalystcloud.io/mailtwo hostname ‘object-storage.nz-por-1.catalystcloud.io’ doesn’t match either of ‘autoconfig.mail.abcd.xyz’, ‘autodiscover.mail.abcd.xyz’, ‘mail.abcd.xyz’, ‘mta-sts.mail.abcd.xyz’
WARNING 1

Thanks, Iz

elsiehupp · January 16, 2026, 7:53pm

I’ve been getting the same message:

WARNING: Using boto3 >= 1,36.0 with non-amazon s3 services may result in checksum errors. a workaround is to set the following env vars

    export AWS_REQUEST_CHECKSUM_CALCULATION=when_required
    export AWS_RESPONSE_CHECKSUM_VALIDATION=when_required

see https://gitlab.com/duplicity/duplicity/-/issues/870 for details.

And this is the only remotely relevant thread, so I’m responding here.

As best I can tell, the solution to this problem is to add the environmental variables to /etc/environment. One way to do this is with nano.

First, ssh into your Box. Then:

sudo nano /etc/environment

In nano, scroll down one line, paste the following:

export AWS_REQUEST_CHECKSUM_CALCULATION=when_required
export AWS_RESPONSE_CHECKSUM_VALIDATION=when_required

(You may want to add an extra line break at the end, hence the blank line in the blockquote.)

Next, type Ctrl-O to save the file, then Ctrl-X to exit nano.

The environmental variables should take hold the next time the server is rebooted (I think?), so if you want to make sure they’ve taken hold, you can manually force-restart with the following:

sudo reboot

Note that there are other, more elegant ways to add these environmental variables, such as with echo and >>, but I’m not sure how to put the sudo in the correct place for that, hence just using nano.

After rebooting, you can ssh in again check the variables with echo:

echo "$AWS_REQUEST_CHECKSUM_CALCULATION"

Should print when_required, and

echo "$AWS_RESPONSE_CHECKSUM_VALIDATION"

Should also print when_required.

I just cross-posted this as an Issue on the MiaB GitHub, since I feel like probably these environmental variables could be set by the MiaB installer without any detrimental side effects.

Plx · January 16, 2026, 10:54pm

Hi. Thanks very much Elsie(?), I will apply the fix. I’m getting an alert about it everyday so that’s a motivation to attend to it Thank you for raising it in GitHub & I agree it is a good idea asking for it to be corrected for in the installer.
The issue I’m most struggling with is that odd ‘SSLError’. It’s very perplexing, especially given all SSL Certificates are reporting as correct & up to date in the MIAB Status page. Iz

elsiehupp · January 17, 2026, 10:30pm

You’re welcome!

Though after 24h and another daily backup cycle I got another email with the same error, so the fix I proposed may or may not have actually worked…

If I put line breaks in the error you’re seeing, it looks like this:

Attempt of list Nr. 1 failed.

SSLError: SSL validation failed for https://object-storage.nz-por-1.catalystcloud.io/mailtwo

hostname object-storage.nz-por-1.catalystcloud.io doesn’t match either of

autoconfig.mail.abcd.xyz

autodiscover.mail.abcd.xyz

mail.abcd.xyz

mta-sts.mail.abcd.xyz

Does improving the legibility of the error like this help at all?

I searched for the error (using Kagi, so I can’t really share the search itself), and I got the following results:

github.com/boto/boto3

SSL validation failed

opened 12:15PM - 14 Feb 19 UTC

closed 06:01PM - 22 Feb 19 UTC

azhwani

closing-soon

# Meta Python: 2.7.5 Pip : pip 18.1 from /usr/lib/python2.7/site-packages/pip …(python 2.7) AWS CLI : aws-cli/1.16.104 Python/2.7.5 Linux/3.10.0-862.3.3.el7.x86_64 botocore/1.12.94 Boto3 : 1.9.94 Centos : CentOS Linux release 7.5.1804 (Core) # My script ``` import boto3 from botocore.exceptions import ClientError ec2 = boto3.client('ec2') try: response = ec2.describe_instances() print(response) except ClientError as e: print(e) ``` When I run my script, I get this exception : * botocore.exceptions.SSLError: SSL validation failed for https://ec2.region.amazonaws.com/ hostname 'ec2.region.amazonaws.com' doesn't match either of '*.com.com', 'com.com' Please any help would be appreciated! Thanks!

github.com/aws/containers-roadmap

[EKS] [Request]: IAM Roles for Service Accounts don't work with sts vpc endpoint

opened 12:43PM - 19 Nov 19 UTC

closed 07:28PM - 17 Jul 20 UTC

oleksii-boiko-ua

EKS Proposed

**Tell us about your request** I'm trying to use "IAM Roles for Service Account…s" in private VPC without Internet, Nat Gateways. It works fine in VPC with internet access. **Which service(s) is this request for?** EKS **Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?** When I deploy pod with a service account in spec everything looks fine, pod is mutating and the environment variables and necessary setting are automatically injected. Then I'm accessing pod via kubectl exec and run command > aws s3 ls --region eu-west-1 --debug or any other and I see that it's trying to connect to global sts `Starting new HTTPS connection (1): sts.amazonaws.com:443` and failed with a timeout. How can I force it to use my regional sts vpc endpoint like sts.eu-west-1.amazonaws.com? **Are you currently working around this issue?** I even tried to add cname record in coredns but recived > botocore.exceptions.SSLError: SSL validation failed for https://sts.amazonaws.com/ ("hostname 'sts.amazonaws.com' doesn't match either of 'sts.eu-west-1.amazonaws.com', '*.sts.eu-west-1.vpce.amazonaws.com'",)

github.com/home-assistant/core

Rachio integration failing to setup because of hostname mismatch on SSL certificate

opened 12:35PM - 24 Nov 24 UTC

closed 07:35AM - 25 Nov 24 UTC

bcameron21

integration: rachio

### The problem My rachio integration started failing to setup and reload was p…roducing an error. I then deleted the integration and added it again. The setup is still failing with the same error. With adding the new integration the setup fails after entering the API key. From the logs it seems to be some error in the cerficate between the api.rach.io and engagednation.com hostnames. ### What version of Home Assistant Core has the issue? 2024.11.2 ### What was the last working version of Home Assistant Core? _No response_ ### What type of installation are you running? Home Assistant OS ### Integration causing the issue Rachio ### Link to integration documentation on our website https://www.home-assistant.io/integrations/rachio/ ### Diagnostics information _No response_ ### Example YAML snippet _No response_ ### Anything in the logs that might be useful for us? ```txt Error from adding new integration: Logger: homeassistant.components.rachio.config_flow Source: components/rachio/config_flow.py:80 integration: Rachio (documentation, issues) First occurred: 2:10:38 PM (2 occurrences) Last logged: 2:13:52 PM Unexpected exception Traceback (most recent call last): File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 716, in urlopen httplib_response = self._make_request( ^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 404, in _make_request self._validate_conn(conn) File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 1061, in _validate_conn conn.connect() File "/usr/local/lib/python3.12/site-packages/urllib3/connection.py", line 472, in connect _match_hostname(cert, self.assert_hostname or server_hostname) File "/usr/local/lib/python3.12/site-packages/urllib3/connection.py", line 545, in _match_hostname match_hostname(cert, asserted_hostname) File "/usr/local/lib/python3.12/site-packages/urllib3/util/ssl_match_hostname.py", line 155, in match_hostname raise CertificateError("hostname %r doesn't match %r" % (hostname, dnsnames[0])) urllib3.util.ssl_match_hostname.CertificateError: hostname 'api.rach.io' doesn't match '*.engagednation.com' During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/local/lib/python3.12/site-packages/requests/adapters.py", line 667, in send resp = conn.urlopen( ^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 802, in urlopen retries = retries.increment( ^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/urllib3/util/retry.py", line 594, in increment raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='api.rach.io', port=443): Max retries exceeded with url: /1/public/person/info (Caused by SSLError(CertificateError("hostname 'api.rach.io' doesn't match '*.engagednation.com'"))) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/src/homeassistant/homeassistant/components/rachio/config_flow.py", line 80, in async_step_user info = await validate_input(self.hass, user_input) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/src/homeassistant/homeassistant/components/rachio/config_flow.py", line 46, in validate_input data = await hass.async_add_executor_job(rachio.person.info) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/concurrent/futures/thread.py", line 58, in run result = self.fn(*self.args, **self.kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/rachiopy/person.py", line 21, in info return self.get_request("person/info") ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/rachiopy/rachioobject.py", line 70, in get_request return self._request(path, "GET", body) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/rachiopy/rachioobject.py", line 48, in _request response = self._http_session.request( ^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/requests/sessions.py", line 589, in request resp = self.send(prep, **send_kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/requests/sessions.py", line 703, in send r = adapter.send(request, **kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/requests/adapters.py", line 698, in send raise SSLError(e, request=request) requests.exceptions.SSLError: HTTPSConnectionPool(host='api.rach.io', port=443): Max retries exceeded with url: /1/public/person/info (Caused by SSLError(CertificateError("hostname 'api.rach.io' doesn't match '*.engagednation.com'"))) Error from reloading Rachio integration (before I deleted it) Logger: homeassistant.config_entries Source: config_entries.py:635 First occurred: 2:04:28 PM (1 occurrences) Last logged: 2:04:28 PM Error setting up entry <my rachio account name> for rachio Traceback (most recent call last): File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 716, in urlopen httplib_response = self._make_request( ^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 404, in _make_request self._validate_conn(conn) File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 1061, in _validate_conn conn.connect() File "/usr/local/lib/python3.12/site-packages/urllib3/connection.py", line 472, in connect _match_hostname(cert, self.assert_hostname or server_hostname) File "/usr/local/lib/python3.12/site-packages/urllib3/connection.py", line 545, in _match_hostname match_hostname(cert, asserted_hostname) File "/usr/local/lib/python3.12/site-packages/urllib3/util/ssl_match_hostname.py", line 155, in match_hostname raise CertificateError("hostname %r doesn't match %r" % (hostname, dnsnames[0])) urllib3.util.ssl_match_hostname.CertificateError: hostname 'api.rach.io' doesn't match '*.engagednation.com' During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/local/lib/python3.12/site-packages/requests/adapters.py", line 667, in send resp = conn.urlopen( ^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 802, in urlopen retries = retries.increment( ^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/urllib3/util/retry.py", line 594, in increment raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='api.rach.io', port=443): Max retries exceeded with url: /1/public/person/info (Caused by SSLError(CertificateError("hostname 'api.rach.io' doesn't match '*.engagednation.com'"))) During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/src/homeassistant/homeassistant/config_entries.py", line 635, in __async_setup_with_context result = await component.async_setup_entry(hass, self) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/src/homeassistant/homeassistant/components/rachio/__init__.py", line 73, in async_setup_entry await person.async_setup(hass) File "/usr/src/homeassistant/homeassistant/components/rachio/device.py", line 76, in async_setup await hass.async_add_executor_job(self._setup, hass) File "/usr/local/lib/python3.12/concurrent/futures/thread.py", line 58, in run result = self.fn(*self.args, **self.kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/src/homeassistant/homeassistant/components/rachio/device.py", line 140, in _setup response = rachio.person.info() ^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/rachiopy/person.py", line 21, in info return self.get_request("person/info") ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/rachiopy/rachioobject.py", line 70, in get_request return self._request(path, "GET", body) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/rachiopy/rachioobject.py", line 48, in _request response = self._http_session.request( ^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/requests/sessions.py", line 589, in request resp = self.send(prep, **send_kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/requests/sessions.py", line 703, in send r = adapter.send(request, **kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/requests/adapters.py", line 698, in send raise SSLError(e, request=request) requests.exceptions.SSLError: HTTPSConnectionPool(host='api.rach.io', port=443): Max retries exceeded with url: /1/public/person/info (Caused by SSLError(CertificateError("hostname 'api.rach.io' doesn't match '*.engagednation.com'"))) ``` ### Additional information I also noticed issues with my Nabu Casa cloud setup. It was saying "refreshing subscription". I logged out and logged back in and also seemed to get a hostname certificate error. Logger: homeassistant.components.cloud.http_api Source: components/cloud/http_api.py:134 integration: Home Assistant Cloud (documentation, issues) First occurred: 2:27:57 PM (1 occurrences) Last logged: 2:27:57 PM Unexpected error processing request for /api/cloud/login Traceback (most recent call last): File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 716, in urlopen httplib_response = self._make_request( ^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 404, in _make_request self._validate_conn(conn) File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 1061, in _validate_conn conn.connect() File "/usr/local/lib/python3.12/site-packages/urllib3/connection.py", line 472, in connect _match_hostname(cert, self.assert_hostname or server_hostname) File "/usr/local/lib/python3.12/site-packages/urllib3/connection.py", line 545, in _match_hostname match_hostname(cert, asserted_hostname) File "/usr/local/lib/python3.12/site-packages/urllib3/util/ssl_match_hostname.py", line 150, in match_hostname raise CertificateError( urllib3.util.ssl_match_hostname.CertificateError: hostname 'cognito-idp.us-east-1.amazonaws.com' doesn't match either of 'rscollaborationsdev.com', '*.rscollaborationsdev.com' During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/local/lib/python3.12/site-packages/botocore/httpsession.py", line 464, in send urllib_response = conn.urlopen( ^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 802, in urlopen retries = retries.increment( ^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/urllib3/util/retry.py", line 527, in increment raise six.reraise(type(error), error, _stacktrace) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/urllib3/packages/six.py", line 769, in reraise raise value.with_traceback(tb) File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 716, in urlopen httplib_response = self._make_request( ^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 404, in _make_request self._validate_conn(conn) File "/usr/local/lib/python3.12/site-packages/urllib3/connectionpool.py", line 1061, in _validate_conn conn.connect() File "/usr/local/lib/python3.12/site-packages/urllib3/connection.py", line 472, in connect _match_hostname(cert, self.assert_hostname or server_hostname) File "/usr/local/lib/python3.12/site-packages/urllib3/connection.py", line 545, in _match_hostname match_hostname(cert, asserted_hostname) File "/usr/local/lib/python3.12/site-packages/urllib3/util/ssl_match_hostname.py", line 150, in match_hostname raise CertificateError( urllib3.exceptions.SSLError: hostname 'cognito-idp.us-east-1.amazonaws.com' doesn't match either of 'rscollaborationsdev.com', '*.rscollaborationsdev.com' During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/local/lib/python3.12/site-packages/hass_nabucasa/auth.py", line 177, in async_login await self.cloud.run_executor( File "/usr/local/lib/python3.12/concurrent/futures/thread.py", line 58, in run result = self.fn(*self.args, **self.kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/pycognito/__init__.py", line 499, in authenticate tokens = aws.authenticate_user(client_metadata=client_metadata) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/pycognito/aws_srp.py", line 389, in authenticate_user response = boto_client.initiate_auth( ^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/botocore/client.py", line 565, in _api_call return self._make_api_call(operation_name, kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/botocore/client.py", line 1001, in _make_api_call http, parsed_response = self._make_request( ^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/botocore/client.py", line 1027, in _make_request return self._endpoint.make_request(operation_model, request_dict) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/botocore/endpoint.py", line 119, in make_request return self._send_request(request_dict, operation_model) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/botocore/endpoint.py", line 202, in _send_request while self._needs_retry( ^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/botocore/endpoint.py", line 354, in _needs_retry responses = self._event_emitter.emit( ^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/botocore/hooks.py", line 412, in emit return self._emitter.emit(aliased_event_name, **kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/botocore/hooks.py", line 256, in emit return self._emit(event_name, kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/botocore/hooks.py", line 239, in _emit response = handler(**kwargs) ^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/botocore/retryhandler.py", line 207, in __call__ if self._checker(**checker_kwargs): ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/botocore/retryhandler.py", line 284, in __call__ should_retry = self._should_retry( ^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/botocore/retryhandler.py", line 320, in _should_retry return self._checker(attempt_number, response, caught_exception) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/botocore/retryhandler.py", line 363, in __call__ checker_response = checker( ^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/botocore/retryhandler.py", line 247, in __call__ return self._check_caught_exception( ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/botocore/retryhandler.py", line 416, in _check_caught_exception raise caught_exception File "/usr/local/lib/python3.12/site-packages/botocore/endpoint.py", line 281, in _do_get_response http_response = self._send(request) ^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/botocore/endpoint.py", line 377, in _send return self.http_session.send(request) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/local/lib/python3.12/site-packages/botocore/httpsession.py", line 491, in send raise SSLError(endpoint_url=request.url, error=e) botocore.exceptions.SSLError: SSL validation failed for https://cognito-idp.us-east-1.amazonaws.com/ hostname 'cognito-idp.us-east-1.amazonaws.com' doesn't match either of 'rscollaborationsdev.com', '*.rscollaborationsdev.com' The above exception was the direct cause of the following exception: Traceback (most recent call last): File "/usr/src/homeassistant/homeassistant/components/cloud/http_api.py", line 134, in error_handler result = await handler(view, request, *args, **kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/src/homeassistant/homeassistant/components/http/data_validator.py", line 74, in wrapper return await method(view, request, data, *args, **kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/src/homeassistant/homeassistant/components/cloud/http_api.py", line 221, in post await cloud.login(data["email"], data["password"]) File "/usr/local/lib/python3.12/site-packages/hass_nabucasa/__init__.py", line 225, in login await self.auth.async_login(email, password) File "/usr/local/lib/python3.12/site-packages/hass_nabucasa/auth.py", line 197, in async_login raise UnknownError from err hass_nabucasa.auth.UnknownError

You could try searching in each page for the strings SSLError: SSL validation failed for and doesn't match either of. (Note that doesn't has a non-curly apostrophe, so if you just type it, and it autocorrects to doesn’t, i.e. with a curly apostrophe, you might not find a result.)

Plx · January 18, 2026, 5:42am

Hi there. I decided to build a new box, with a different domain name. I have learned that before you use the same domain for various experimental Linux installs, it pays to delete DNSSEC settings first at your registrar, so that was worth finding out. With the clean install, and different domain, so far 97.8% of things are going fine. The SSL errors went away (sure that was a DNSSEC issue); I didn’t bother trying to use the GUI to set up S3 backup, I just created the custom.yaml file, added the settings it needs (from above) and rebooted. It backs up fine… except that

WARNING: Using boto3 >= 1,36.0 with non-amazon s3 services may result…

error message does not go away, even, as you found out, adding those environment variables. It’s a bit annoying, but pales in comparison to the joy of actually getting it to work with my obscure S3 host. I guess the next step is to see that those back ups are restorable.

I do get the impression Duplicity is the MIAB software problem that keeps giving. On my ARM MIAB VPS at Hetzner, Duplicity was the only item modified to make it work

dms · January 25, 2026, 11:04am

I replied to the github issue regarding this topic. Didn’t notice until now that it was being discussed here.

github.com/mail-in-a-box/mailinabox

Upstream issues with boto in Duplicity

opened 07:59PM - 16 Jan 26 UTC

elsiehupp

For a couple weeks I've been getting this message from Mail-in-a-Box every time …it runs a backup. ``` WARNING: Using boto3 >= 1,36.0 with non-amazon s3 services may result in checksum errors. a workaround is to set the following env vars export AWS_REQUEST_CHECKSUM_CALCULATION=when_required export AWS_RESPONSE_CHECKSUM_VALIDATION=when_required see https://gitlab.com/duplicity/duplicity/-/issues/870 for details. ``` Note that, yes, I am in fact using a non-Amazon service for object storage. I didn't find a relevant Issue here, but I found someone reporting the same message on the MiaB Discourse, so [I initially responded there](https://discourse.mailinabox.email/t/location-of-s3-backup-settings/16208/6). As best I can tell, the solution to this problem is to add the environmental variables to `/etc/environment`. One way to do this is with `nano`. First, `ssh` into your Box. Then: ```sh sudo nano /etc/environment ``` In `nano`, scroll down one line, paste the following: ```sh export AWS_REQUEST_CHECKSUM_CALCULATION=when_required export AWS_RESPONSE_CHECKSUM_VALIDATION=when_required ``` (You may want to add an extra line break at the end, hence the blank line in the blockquote.) Next, type Ctrl-O to save the file, then Ctrl-X to exit `nano`. The environmental variables should take hold the next time the server is rebooted (I think?), so if you want to make sure they've taken hold, you can manually force-restart with the following: ```sh sudo reboot ``` Note that there are other, more elegant ways to add these environmental variables, such as with `echo` and `>>`, but I'm not sure how to put the `sudo` in the correct place for that, hence just using `nano`. After rebooting, you can `ssh` in again check the variables with `echo`: ```sh echo "$AWS_REQUEST_CHECKSUM_CALCULATION" ``` Should print `when_required`, and ```sh echo "$AWS_RESPONSE_CHECKSUM_VALIDATION" ``` Should also print `when_required`. Anyway, I feel like probably these environmental variables could be set by the MiaB installer without any detrimental side effects, and adding this action to the MiaB installer would probably count as a "fix" for this Issue I am creating.

Maybe you’ve already tried this, but if not, I’d be curious if is resolves the noise.

Plx · January 27, 2026, 7:59am

Hi. I have followed the suggestion outlined in the github thread to add those lines to the cron job & they do seem to have suppressed the alert. @elsiehupp - Have you tried the suggestion?
One final thing I’d like to check is the backups are in fact still restorable.
Thank you ‘dms’

Plx · January 28, 2026, 6:28am

Alas, I’m still getting the warning emails :-/