Welcome to the forum @kocane
Your log does indeed imply problems downloading the files, but these one-line messages don’t say much.
Could you check live log at About --> Show log --> Live --> Retry to see if you can see more, for example:
2019-07-15 12:33:53 -04 - [Retry-Duplicati.Library.Main.BackendManager-RetryGet]: Operation Get with file duplicati-b3c0cc94f1294434c88ebf0296077a1ab.dblock.zip attempt 5 of 5 failed with message: The file duplicati-b3c0cc94f1294434c88ebf0296077a1ab.dblock.zip was downloaded and had size 683 but the size was expected to be 679
System.Exception: The file duplicati-b3c0cc94f1294434c88ebf0296077a1ab.dblock.zip was downloaded and had size 683 but the size was expected to be 679
at Duplicati.Library.Main.BackendManager.DoGet(FileEntryItem item)
You made mention later of “hosted elsewhere”. If this isn’t on amazonaws.com, can you say what it’s on?
Amazon S3 Server Side Encryption discusses that, if it’s what you’re using. What’s “encryption enabled”?
The s3 command of the AWS Command Line Interface might be one way to try file download of files in an independent way using cp and whatever encryption options fit. I don’t have S3 so can’t help in much detail.
Duplicati.CommandLine.BackendTool.exe is another way to do a manual download. File format should be AES File Format, so basically if it doesn’t start with AES, then something’s wrong. Testing a dlist or dindex will probably be a shorter file than a dblock, so it will be a bit easier on whatever viewer you use on that file.
What seems odd is that you’re having trouble with restore, yet your backup works. Ordinarily backup does Verifying backend files before it considers the job done, however there are options available to prevent that.
Is this with the same “custom S3 endpoint with encryption enabled”, with only difference being the network and the computer? Do you mean “Direct restore” of Debian Buster server backup to it works? If not, what? Need clarification of “works fine there”, plus any potentially relevant information on differences from server.