Failed to authorize without "accept-any-ssl-certificate" option (SOLVED)

So I’m running the latest canary (2.0.2.8_canary_2017-09-20) on a Debian system. And for some reason I can’t get Duplicati to authorize the SSL certificate from Amazon Drive. I get the following error:

Failed to connect: Failed to authorize using the OAuth service: Error: TrustFailure (The authentication or decryption has failed.). If the problem persists, try generating a new authid token from: https://duplicati-oauth-handler.appspot.com?type=amzcd 

I can get this to work with the “accept-any-ssl-certificate” option enabled. Although I’d rather not.
I tried using “accept-specified-ssl-hash” option but have no idea where to get the ssl hash from Amazon. This would be different from the AuthID correct? Anyway I’m thinking this would be my best option.

None of this is an issue when running Duplicati on OSX. Is this a bug? or am I missing something here?

Thanks for your time.

Here’s the detailed log:

Duplicati.Library.Interface.UserInformationException: Failed to authorize using the OAuth service: Error: TrustFailure (The authentication or decryption has failed.). If the problem persists, try generating a new authid token from: https://duplicati-oauth-handler.appspot.com?type=amzcd ---> System.Net.WebException: Error: TrustFailure (The authentication or decryption has failed.) ---> System.IO.IOException: The authentication or decryption has failed. ---> System.IO.IOException: The authentication or decryption has failed. ---> Mono.Security.Protocol.Tls.TlsException: Invalid certificate received from server. Error code: 0xffffffff800b010a at Mono.Security.Protocol.Tls.RecordProtocol.EndReceiveRecord (System.IAsyncResult asyncResult) [0x00040] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 at Mono.Security.Protocol.Tls.SslClientStream.SafeEndReceiveRecord (System.IAsyncResult ar, System.Boolean ignoreEmpty) [0x00000] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 at Mono.Security.Protocol.Tls.SslClientStream.NegotiateAsyncWorker (System.IAsyncResult result) [0x00071] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 --- End of inner exception stack trace --- at Mono.Security.Protocol.Tls.SslClientStream.EndNegotiateHandshake (System.IAsyncResult result) [0x0003b] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 at Mono.Security.Protocol.Tls.SslStreamBase.AsyncHandshakeCallback (System.IAsyncResult asyncResult) [0x0000c] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 --- End of inner exception stack trace --- at Mono.Security.Protocol.Tls.SslStreamBase.EndRead (System.IAsyncResult asyncResult) [0x00057] in <1d0bb82c94e7435eb09324cf5ef20e36>:0 at Mono.Net.Security.Private.LegacySslStream.EndAuthenticateAsClient (System.IAsyncResult asyncResult) [0x00011] in <bd46d4d4f7964dfa9beea098499ab597>:0 at Mono.Net.Security.Private.LegacySslStream.AuthenticateAsClient (System.String targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Authentication.SslProtocols enabledSslProtocols, System.Boolean checkCertificateRevocation) [0x0000e] in <bd46d4d4f7964dfa9beea098499ab597>:0 at Mono.Net.Security.MonoTlsStream.CreateStream (System.Byte[] buffer) [0x00044] in <bd46d4d4f7964dfa9beea098499ab597>:0 --- End of inner exception stack trace --- at Duplicati.Library.Utility.AsyncHttpRequest+AsyncWrapper.GetResponseOrStream () [0x0004d] in <91cea55b26e6433485a261e80ffe6d32>:0 at Duplicati.Library.Utility.AsyncHttpRequest.GetResponse () [0x00044] in <91cea55b26e6433485a261e80ffe6d32>:0 at Duplicati.Library.JSONWebHelper.GetResponse (Duplicati.Library.Utility.AsyncHttpRequest req, System.Object requestdata) [0x000b4] in <18f2a8af7d984b019840c1b06194385d>:0 --- End of inner exception stack trace --- at Duplicati.Library.OAuthHelper.get_AccessToken () [0x0015b] in <18f2a8af7d984b019840c1b06194385d>:0 at Duplicati.Library.OAuthHelper.CreateRequest (System.String url, System.String method) [0x00024] in <18f2a8af7d984b019840c1b06194385d>:0 at Duplicati.Library.JSONWebHelper.GetJSONData[T] (System.String url, System.Action`1[T] setup, System.Action`1[T] setupreq) [0x00000] in <18f2a8af7d984b019840c1b06194385d>:0 at Duplicati.Library.Backend.AmazonCloudDrive.AmzCD.RefreshMetadataAndContentUrl () [0x0004b] in <9e6189cdc45f4e0994c34ee8a015f5c4>:0 at Duplicati.Library.Backend.AmazonCloudDrive.AmzCD.get_MetadataUrl () [0x00008] in <9e6189cdc45f4e0994c34ee8a015f5c4>:0 at Duplicati.Library.Backend.AmazonCloudDrive.AmzCD.List () [0x00007] in <9e6189cdc45f4e0994c34ee8a015f5c4>:0 at Duplicati.Library.Backend.AmazonCloudDrive.AmzCD.Test () [0x00000] in <9e6189cdc45f4e0994c34ee8a015f5c4>:0 at Duplicati.Server.WebServer.RESTMethods.RemoteOperation.TestConnection (System.String url, Duplicati.Server.WebServer.RESTMethods.RequestInfo info) [0x000b7] in <7196cd6dd618462f9137497d78fff3fc>:0 at Duplicati.Server.WebServer.RESTMethods.RemoteOperation.POST (System.String key, Duplicati.Server.WebServer.RESTMethods.RequestInfo info) [0x00091] in <7196cd6dd618462f9137497d78fff3fc>:0 at Duplicati.Server.WebServer.RESTHandler.DoProcess (Duplicati.Server.WebServer.RESTMethods.RequestInfo info, System.String method, System.String module, System.String key) [0x0026e] in <7196cd6dd618462f9137497d78fff3fc>:0 

Ok so I solved this issue by installing the latest mono-devel package. See the following link for repositories for your distribution.

http://www.mono-project.com/download/#download-lin

Then I ran the following command.

sudo cert-sync /etc/ssl/certs/ca-certificates.crt

After syncing the certificates Duplicati no longer has any issues connecting to Amazon Drive.
Hope this helps the next guy.

The lack of “default” certificates (or certification authorities) in mono seems to be a common problem lately - but I’m glad to hear you resolved it!

I noticed you added “(SOLVED)” to the title which is great - but if you get a chance, it would be great if you could go ahead and check the as well. Thanks!

New to the forum. I guess I’m a bit old school

Thanks for checking it - I wasn’t used to those forum tool either (it’s called Discourse) but I really like it.