QNAP - Duplicati - Amazon Cloud Drive

RubbeeDuck · January 16, 2018, 9:47am

Hello,

I have a qnap with the 4.3.4 Firmware and the newest Version von Duplicati for Qnap with QMONO and CACERT.

I have updated to the newest Version the old one works fine ( it was the Version before CACERT )

No I try to restore my Backup-Sets but I get this error:

Failed to connect: Failed to authorize using the OAuth service: Error: TrustFailure (One or more errors occurred.). If the problem persists, try generating a new authid token from: Duplicati OAuth Handler

What I am doing wrong?! I tried to Add a new Auth ID Token but it is still the same error.

It would be great, when you could helps me.

Thanks

JonMikelV · January 17, 2018, 3:12pm

Hello @RubbeeDuck, welcome to the forum, and thanks for using Duplicati!

If you can answer some of these, that could help us figure out what’s going on:

You say you have the newest version of Duplicati - is that the beta, canary, or experimental channel?
You are running Duplicati ON the Qnap, right?
What destination are you using?
Since it sounds like you get the OAuth error while trying to restore, can you still do a backup without error?

RubbeeDuck · January 17, 2018, 6:39pm

Thanks for your reply.

Herr are the answers:

The Version is: 2.0.2.15_experimental_2018-01-03

Yes it Runs directly on the Qnap. Now it support CACERT maybe this is the reason!?

The Destination is: Amazon cloud Drive

I try to Import from the old Version an Backup Task.

Regards

RubbeeDuck · January 18, 2018, 6:48am

I have tried now to create a new Backup Task, but there I also get the same Error

JonMikelV · January 20, 2018, 7:44am

I’m not sure what you mean by “now it support CACERT”, can you clarify for me?

RubbeeDuck · January 22, 2018, 6:45am

Hi it is an QPKG on my NAS.

I have now add an Option in Duplicaty to “any SSL” and now it works, but is this safe?!

Regards

JonMikelV · January 22, 2018, 3:40pm

That depends on your definition of “safe”. With --accept-any-ssl-certificate you are telling Duplicati to use SSL (which is good) regardless of whether or not the certificate is valid or provided by a known certificate authority (which is unsafe).

Since SSL is in use, communications between Duplicate and your destination will be encrypted but because the certificate isn’t validated there’s no guarantee that the destination is really what you think it is. In other words, somebody could be posing as your destination.

Assuming you have a passphrase set up to encrypt your backups, the actual data sent to your destination is itself encrypted - so even if somebody gets access to the Duplicate archive files, they still would have to break that encryption just to open the archives. And even then, they’d still have to re-assemble all he deduplication blocks into actual files before they could read more than small chunks of your data at a time.

If possible, you’re better off getting your certificates updated and/or manually verifying the certificate in question and using --accept-specified-ssl-hash to allow just that one goofy certificate to be used, rather than blank accepting ANY certificate.