FoF\Upload\Exceptions\InvalidDownloadException: cURL error 60: SSL: no alternative certificate subject name matches target host name

[arximughal]

Bug Report

Current Behavior File uploads are working fine when I try to upload a specific file type to AWS S3. But when I try to download the uploaded file -- it gives 500 server error. Checking the logs, I see. this:

FoF\Upload\Exceptions\InvalidDownloadException: cURL error 60: SSL: no alternative certificate subject name matches target host name 'BUCKET.club.s3.us-west-1.amazonaws.com' (see https://curl.haxx.se/libcurl/c/libcurl-errors.html) for https://BUCKET.s3.us-west-1.amazonaws.com/2022-05-12/1652343192-494067-file.pdf in /var/www/vustudents/vendor/fof/upload/src/Downloader/DefaultDownloader.php:77

Steps to Reproduce Error is not really visible on the website/front-end so I cannot really list down the steps here.

Expected Behavior AWS Bucket is accessible and the file uploaded through flarum is publicly accessible and downloadable when accessed through the direct URL. It should work fine when clicking the download link on the flarum post as well.

Screenshots NA

Environment

• Flarum version: 1.2.1
• Extension versions:
  • "fof/upload": "^1.2"
  • "league/flysystem-aws-s3-v3": "^1.0"
  • "aws/aws-sdk-php": "^3.222"
• Website URL: https://vustudents.club
• Webserver: apache
• Hosting environment: vps
• PHP version: 8.0
• Browser: Google Chrome Latest

Flarum core 1.2.1
PHP version: 8.0.13
MySQL version: 8.0.27-0ubuntu0.21.04.1
Loaded extensions: Core, date, libxml, openssl, pcre, zlib, filter, hash, json, pcntl, Reflection, SPL, session, standard, sodium, mysqlnd, PDO, xml, bcmath, calendar, ctype, curl, dom, mbstring, FFI, fileinfo, ftp, gd, gettext, iconv, imagick, imap, exif, mysqli, pdo_mysql, Phar, posix, readline, shmop, SimpleXML, soap, sockets, sysvmsg, sysvsem, sysvshm, tokenizer, xmlreader, xmlrpc, xmlwriter, xsl, zip, Zend OPcache
+--------------------------------+---------+--------+
| Flarum Extensions              |         |        |
+--------------------------------+---------+--------+
| ID                             | Version | Commit |
+--------------------------------+---------+--------+
| flarum-subscriptions           | v1.2.0  |        |
| flarum-tags                    | v1.2.0  |        |
| flarum-flags                   | v1.2.0  |        |
| flarum-markdown                | v1.2.0  |        |
| flarum-suspend                 | v1.2.0  |        |
| fof-follow-tags                | 1.1.2   |        |
| flarum-likes                   | v1.2.0  |        |
| flarum-approval                | v1.2.0  |        |
| therealsujitk-gifs             | v4.1.1  |        |
| sycho-profile-cover            | v1.3.1  |        |
| nearata-cakeday                | v2.0.0  |        |
| matteocontrini-imgur-upload    | v3.9.1  |        |
| fof-user-directory             | 1.2.2   |        |
| fof-user-bio                   | 1.0.2   |        |
| fof-upload                     | 1.2.0   |        |
| fof-socialprofile              | 1.1.1   |        |
| fof-sitemap                    | 1.0.3   |        |
| fof-share-social               | 1.1.0   |        |
| fof-reactions                  | 1.1.0   |        |
| fof-masquerade                 | 2.1.0   |        |
| fof-disposable-emails          | 1.0.0   |        |
| fof-best-answer                | 1.1.9   |        |
| flarum-sticky                  | v1.2.0  |        |
| flarum-statistics              | v1.2.0  |        |
| flarum-nicknames               | v1.2.0  |        |
| flarum-mentions                | v1.2.0  |        |
| flarum-lock                    | v1.2.0  |        |
| flarum-lang-english            | v1.2.0  |        |
| flarum-emoji                   | v1.2.0  |        |
| flarum-bbcode                  | v1.2.0  |        |
| clarkwinkelmann-likes-received | 1.0.2   |        |
| clarkwinkelmann-emojionearea   | 1.0.0   |        |
| afrux-asirem                   | v0.1.7  |        |
+--------------------------------+---------+--------+
Base URL: https://vustudents.club
Installation path: /var/www/vustudents
Queue driver: sync
Mail driver: mail
Debug mode: off

Possible solution(s)

Additional Context Add any other context about the problem here.

[clarkwinkelmann]

That's the internal request that Flarum makes to Amazon server-side.

Verify your server CABUNDLE file is up to date and able to validate Amazon's certificate. It's a global PHP thing not specific to Flarum.

[arximughal]

I was getting the SSL error when trying to download the files uploaded to S3. The issue turned out to be that if you have a . in the name of the bucket, you might get this error (or something like that idk). What I basically ended up doing was to create a new bucket with a name that didn't have any . in it. It was easy for me as I hadn't launch my forum at the moment so I didn't really have to worry about having to migrate the data or anything.

I hope this helps someone else. Closing the issue now.