Regression Bug AWS CLI 2.22 (Windows 2019) all s3 commands - SSL Certificate Errors- certificate verify failed (unable to get local issuer certificate) #9089

Closed
1 task done
robertriskin opened this issue Nov 20, 2024 · 2 comments
Labels

  • bug: This issue is a bug.
  • needs-triage: This issue or PR still needs to be triaged.
  • potential-regression: Marking this issue as a potential regression to be checked by team member

Comments

@robertriskin
Describe the bug

All aws s3 commands throw this error:
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)

aws s3 ls and all other aws s3 commands throw the above error.

Previous versions (aws cli 2.21.3 and below) worked successfully.

Regression Issue

  • Select this option if this issue appears to be a regression.

Expected Behavior

Successfully lists s3 buckets and all other s3 functionality

Current Behavior

PS C:\Windows\system32> aws s3 ls --debug
2024-11-20 09:12:20,461 - MainThread - awscli.clidriver - DEBUG - CLI version: aws-cli/2.22.0 Python/3.12.6 Windows/2019Server exe/AMD64
2024-11-20 09:12:20,461 - MainThread - awscli.clidriver - DEBUG - Arguments entered to CLI: ['s3', 'ls', '--debug']
2024-11-20 09:12:20,539 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function add_s3 at 0x00000273B7E58D60>
2024-11-20 09:12:20,539 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function add_ddb at 0x00000273B7C84220>
2024-11-20 09:12:20,539 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <bound method BasicCommand.add_command of <class 'awscli.customizations.configure.configure.ConfigureCommand'>>
2024-11-20 09:12:20,539 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function change_name at 0x00000273B7BD9B20>
2024-11-20 09:12:20,539 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function change_name at 0x00000273B7BDAFC0>
2024-11-20 09:12:20,539 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function alias_opsworks_cm at 0x00000273B7E5B600>
2024-11-20 09:12:20,539 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function add_history_commands at 0x00000273B7CC2E80>
2024-11-20 09:12:20,539 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <bound method BasicCommand.add_command of <class 'awscli.customizations.devcommands.CLIDevCommand'>>
2024-11-20 09:12:20,539 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <function add_waiters at 0x00000273B7E5B4C0>
2024-11-20 09:12:20,539 - MainThread - botocore.hooks - DEBUG - Event building-command-table.main: calling handler <bound method AliasSubCommandInjector.on_building_command_table of <awscli.alias.AliasSubCommandInjector object at 0x00000273B7F11760>>
2024-11-20 09:12:20,555 - MainThread - botocore.loaders - DEBUG - Loading JSON file: C:\Program Files\Amazon\AWSCLIV2\awscli\data\cli.json
2024-11-20 09:12:20,555 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <function resolve_types at 0x00000273B7D8C360>
2024-11-20 09:12:20,555 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <function no_sign_request at 0x00000273B7D8C680>
2024-11-20 09:12:20,555 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <function resolve_verify_ssl at 0x00000273B7D8C5E0>
2024-11-20 09:12:20,555 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <function resolve_cli_read_timeout at 0x00000273B7D8C7C0>
2024-11-20 09:12:20,555 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <function resolve_cli_connect_timeout at 0x00000273B7D8C720>
2024-11-20 09:12:20,555 - MainThread - botocore.hooks - DEBUG - Event top-level-args-parsed: calling handler <built-in method update of dict object at 0x00000273B7F2CA40>
2024-11-20 09:12:20,555 - MainThread - awscli.clidriver - DEBUG - CLI version: aws-cli/2.22.0 Python/3.12.6 Windows/2019Server exe/AMD64
2024-11-20 09:12:20,555 - MainThread - awscli.clidriver - DEBUG - Arguments entered to CLI: ['s3', 'ls', '--debug']
2024-11-20 09:12:20,555 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function add_timestamp_parser at 0x00000273B7E59620>
2024-11-20 09:12:20,555 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function register_uri_param_handler at 0x00000273B7263600>
2024-11-20 09:12:20,555 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function add_binary_formatter at 0x00000273B7EE76A0>
2024-11-20 09:12:20,555 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function no_pager_handler at 0x00000273B7811760>
2024-11-20 09:12:20,555 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function inject_assume_role_provider_cache at 0x00000273B7A640E0>
2024-11-20 09:12:20,555 - MainThread - botocore.utils - DEBUG - IMDS ENDPOINT: http://169.254.169.254/
2024-11-20 09:12:20,570 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function attach_history_handler at 0x00000273B7CAF600>
2024-11-20 09:12:20,570 - MainThread - botocore.hooks - DEBUG - Event session-initialized: calling handler <function inject_json_file_cache at 0x00000273B7C80680>
2024-11-20 09:12:20,570 - MainThread - botocore.hooks - DEBUG - Event building-command-table.s3: calling handler <function add_waiters at 0x00000273B7E5B4C0>
2024-11-20 09:12:20,570 - MainThread - botocore.hooks - DEBUG - Event building-command-table.s3: calling handler <bound method AliasSubCommandInjector.on_building_command_table of <awscli.alias.AliasSubCommandInjector object at 0x00000273B7F11760>>
2024-11-20 09:12:20,570 - MainThread - botocore.hooks - DEBUG - Event building-command-table.s3_ls: calling handler <function add_waiters at 0x00000273B7E5B4C0>
2024-11-20 09:12:20,570 - MainThread - botocore.hooks - DEBUG - Event building-command-table.s3_ls: calling handler <bound method AliasSubCommandInjector.on_building_command_table of <awscli.alias.AliasSubCommandInjector object at 0x00000273B7F11760>>
2024-11-20 09:12:20,570 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.ls.paths: calling handler <awscli.paramfile.URIArgumentHandler object at 0x00000273B7F4E240>
2024-11-20 09:12:20,570 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.ls.anonymous: calling handler <awscli.paramfile.URIArgumentHandler object at 0x00000273B7F4E240>
2024-11-20 09:12:20,570 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.ls.page-size: calling handler <awscli.paramfile.URIArgumentHandler object at 0x00000273B7F4E240>
2024-11-20 09:12:20,570 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.ls.human-readable: calling handler <awscli.paramfile.URIArgumentHandler object at 0x00000273B7F4E240>
2024-11-20 09:12:20,570 - MainThread - botocore.hooks - DEBUG - Event process-cli-arg.custom.ls: calling handler <awscli.argprocess.ParamShorthandParser object at 0x00000273B7ABE3C0>
2024-11-20 09:12:20,570 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.ls.summarize: calling handler <awscli.paramfile.URIArgumentHandler object at 0x00000273B7F4E240>
2024-11-20 09:12:20,570 - MainThread - botocore.hooks - DEBUG - Event process-cli-arg.custom.ls: calling handler <awscli.argprocess.ParamShorthandParser object at 0x00000273B7ABE3C0>
2024-11-20 09:12:20,570 - MainThread - botocore.hooks - DEBUG - Event load-cli-arg.custom.ls.request-payer: calling handler <awscli.paramfile.URIArgumentHandler object at 0x00000273B7F4E240>
2024-11-20 09:12:20,570 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: env
2024-11-20 09:12:20,570 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: assume-role
2024-11-20 09:12:20,570 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: assume-role-with-web-identity
2024-11-20 09:12:20,570 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: sso
2024-11-20 09:12:20,570 - MainThread - botocore.credentials - DEBUG - Looking for credentials via: shared-credentials-file
2024-11-20 09:12:20,570 - MainThread - botocore.credentials - INFO - Found credentials in shared credentials file: [redacted]
2024-11-20 09:12:20,586 - MainThread - botocore.loaders - DEBUG - Loading JSON file: C:\Program Files\Amazon\AWSCLIV2\awscli\botocore\data\endpoints.json
2024-11-20 09:12:20,617 - MainThread - botocore.hooks - DEBUG - Event choose-service-name: calling handler <function handle_service_name_alias at 0x00000273B67628E0>
2024-11-20 09:12:20,742 - MainThread - botocore.loaders - DEBUG - Loading JSON file: C:\Program Files\Amazon\AWSCLIV2\awscli\botocore\data\s3\2006-03-01\service-2.json
2024-11-20 09:12:20,758 - MainThread - botocore.loaders - DEBUG - Loading JSON file: C:\Program Files\Amazon\AWSCLIV2\awscli\botocore\data\s3\2006-03-01\service-2.sdk-extras.json
2024-11-20 09:12:20,836 - MainThread - botocore.loaders - DEBUG - Loading JSON file: C:\Program Files\Amazon\AWSCLIV2\awscli\botocore\data\s3\2006-03-01\endpoint-rule-set-1.json
2024-11-20 09:12:20,836 - MainThread - botocore.loaders - DEBUG - Loading JSON file: C:\Program Files\Amazon\AWSCLIV2\awscli\botocore\data\partitions.json
2024-11-20 09:12:20,836 - MainThread - botocore.hooks - DEBUG - Event creating-client-class.s3: calling handler <function add_generate_presigned_post at 0x00000273B66902C0>
2024-11-20 09:12:20,836 - MainThread - botocore.hooks - DEBUG - Event creating-client-class.s3: calling handler <function add_generate_presigned_url at 0x00000273B6690040>
2024-11-20 09:12:20,836 - MainThread - botocore.configprovider - DEBUG - Looking for endpoint for s3 via: environment_service
2024-11-20 09:12:20,836 - MainThread - botocore.configprovider - DEBUG - Looking for endpoint for s3 via: environment_global
2024-11-20 09:12:20,836 - MainThread - botocore.configprovider - DEBUG - Looking for endpoint for s3 via: config_service
2024-11-20 09:12:20,836 - MainThread - botocore.configprovider - DEBUG - Looking for endpoint for s3 via: config_global
2024-11-20 09:12:20,836 - MainThread - botocore.configprovider - DEBUG - No configured endpoint found.
2024-11-20 09:12:20,852 - MainThread - botocore.endpoint - DEBUG - Setting s3 timeout as (60, 60)
2024-11-20 09:12:20,852 - MainThread - botocore.utils - DEBUG - Registering S3 region redirector handler
2024-11-20 09:12:20,852 - MainThread - botocore.utils - DEBUG - Registering S3Express Identity Resolver
2024-11-20 09:12:20,930 - MainThread - botocore.loaders - DEBUG - Loading JSON file: C:\Program Files\Amazon\AWSCLIV2\awscli\botocore\data\s3\2006-03-01\paginators-1.json
2024-11-20 09:12:20,930 - MainThread - botocore.loaders - DEBUG - Loading JSON file: C:\Program Files\Amazon\AWSCLIV2\awscli\botocore\data\s3\2006-03-01\paginators-1.sdk-extras.json
2024-11-20 09:12:20,930 - MainThread - botocore.hooks - DEBUG - Event provide-client-params.s3.ListBuckets: calling handler <function base64_decode_input_blobs at 0x00000273B7EEC040>
2024-11-20 09:12:20,930 - MainThread - botocore.hooks - DEBUG - Event before-parameter-build.s3.ListBuckets: calling handler <function validate_bucket_name at 0x00000273B6762FC0>
2024-11-20 09:12:20,930 - MainThread - botocore.hooks - DEBUG - Event before-parameter-build.s3.ListBuckets: calling handler <function remove_bucket_from_url_paths_from_model at 0x00000273B6781120>
2024-11-20 09:12:20,930 - MainThread - botocore.hooks - DEBUG - Event before-parameter-build.s3.ListBuckets: calling handler <bound method S3RegionRedirectorv2.annotate_request_context of <botocore.utils.S3RegionRedirectorv2 object at 0x00000273B977AB70>>
2024-11-20 09:12:20,945 - MainThread - botocore.hooks - DEBUG - Event before-parameter-build.s3.ListBuckets: calling handler <bound method S3ExpressIdentityResolver.inject_signing_cache_key of <botocore.utils.S3ExpressIdentityResolver object at 0x00000273B977AE10>>
2024-11-20 09:12:20,945 - MainThread - botocore.hooks - DEBUG - Event before-parameter-build.s3.ListBuckets: calling handler <function generate_idempotent_uuid at 0x00000273B6762DE0>
2024-11-20 09:12:20,945 - MainThread - botocore.hooks - DEBUG - Event before-endpoint-resolution.s3: calling handler <function customize_endpoint_resolver_builtins at 0x00000273B6781300>
2024-11-20 09:12:20,945 - MainThread - botocore.hooks - DEBUG - Event before-endpoint-resolution.s3: calling handler <bound method S3RegionRedirectorv2.redirect_from_cache of <botocore.utils.S3RegionRedirectorv2 object at 0x00000273B977AB70>>
2024-11-20 09:12:20,945 - MainThread - botocore.regions - DEBUG - Calling endpoint provider with parameters: {'Region': 'us-east-1', 'UseFIPS': False, 'UseDualStack': False, 'ForcePathStyle': False, 'Accelerate': False, 'UseGlobalEndpoint': False, 'DisableMultiRegionAccessPoints': False, 'UseArnRegion': True}
2024-11-20 09:12:20,945 - MainThread - botocore.regions - DEBUG - Endpoint provider result: https://s3.us-east-1.amazonaws.com
2024-11-20 09:12:20,945 - MainThread - botocore.regions - DEBUG - Selecting from endpoint provider's list of auth schemes: "sigv4". User selected auth scheme is: "None"
2024-11-20 09:12:20,945 - MainThread - botocore.regions - DEBUG - Selected auth type "v4" as "v4" with signing context params: {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}
2024-11-20 09:12:20,945 - MainThread - botocore.hooks - DEBUG - Event before-call.s3.ListBuckets: calling handler <function add_expect_header at 0x00000273B6763380>
2024-11-20 09:12:20,945 - MainThread - botocore.hooks - DEBUG - Event before-call.s3.ListBuckets: calling handler <bound method S3ExpressIdentityResolver.apply_signing_cache_key of <botocore.utils.S3ExpressIdentityResolver object at 0x00000273B977AE10>>
2024-11-20 09:12:20,945 - MainThread - botocore.hooks - DEBUG - Event before-call.s3.ListBuckets: calling handler <function inject_api_version_header_if_needed at 0x00000273B6780900>
2024-11-20 09:12:20,945 - MainThread - botocore.endpoint - DEBUG - Making request for OperationModel(name=ListBuckets) with params: {'url_path': '/', 'query_string': {}, 'method': 'GET', 'headers': {'User-Agent': 'aws-cli/2.22.0 md/awscrt#0.22.0 ua/2.0 os/windows#2019Server md/arch#amd64 lang/python#3.12.6 md/pyimpl#CPython cfg/retry-mode#standard md/installer#exe md/prompt#off md/command#s3.ls'}, 'body': b'', 'url': 'https://s3.us-east-1.amazonaws.com/', 'context': {'client_region': 'us-east-1', 'client_config': <botocore.config.Config object at 0x00000273B972C980>, 'has_streaming_input': False, 'auth_type': 'v4', 'unsigned_payload': None, 's3_redirect': {'redirected': False, 'bucket': None, 'params': {}}, 'signing': {'region': 'us-east-1', 'signing_name': 's3', 'disableDoubleEncoding': True}, 'endpoint_properties': {'authSchemes': [{'disableDoubleEncoding': True, 'name': 'sigv4', 'signingName': 's3', 'signingRegion': 'us-east-1'}]}}}
2024-11-20 09:12:20,945 - MainThread - botocore.hooks - DEBUG - Event request-created.s3.ListBuckets: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x00000273B972C890>>
2024-11-20 09:12:20,945 - MainThread - botocore.hooks - DEBUG - Event choose-signer.s3.ListBuckets: calling handler <function set_operation_specific_signer at 0x00000273B6762C00>
2024-11-20 09:12:20,961 - MainThread - botocore.hooks - DEBUG - Event before-sign.s3.ListBuckets: calling handler <function remove_arn_from_signing_path at 0x00000273B6781260>
2024-11-20 09:12:20,961 - MainThread - botocore.hooks - DEBUG - Event before-sign.s3.ListBuckets: calling handler <bound method S3ExpressIdentityResolver.resolve_s3express_identity of <botocore.utils.S3ExpressIdentityResolver object at 0x00000273B977AE10>>
2024-11-20 09:12:20,961 - MainThread - botocore.auth - DEBUG - Calculating signature using v4 auth.
2024-11-20 09:12:20,961 - MainThread - botocore.auth - DEBUG - CanonicalRequest:
GET
/

host:s3.us-east-1.amazonaws.com
x-amz-content-sha256:[redacted]
x-amz-date:20241120T141220Z

host;x-amz-content-sha256;x-amz-date
[redacted]
2024-11-20 09:12:20,977 - MainThread - botocore.auth - DEBUG - StringToSign:
AWS4-HMAC-SHA256
20241120T141220Z
20241120/us-east-1/s3/aws4_request
[redacted]
2024-11-20 09:12:20,977 - MainThread - botocore.auth - DEBUG - Signature:
[redacted]
2024-11-20 09:12:20,977 - MainThread - botocore.endpoint - DEBUG - Sending http request: <AWSPreparedRequest stream_output=False, method=GET, url=https://s3.us-east-1.amazonaws.com/, headers={'User-Agent': b'aws-cli/2.22.0 md/awscrt#0.22.0 ua/2.0 os/windows#2019Server md/arch#amd64 lang/python#3.12.6 md/pyimpl#CPython cfg/retry-mode#standard md/installer#exe md/prompt#off md/command#s3.ls', 'X-Amz-Date': b'20241120T141220Z', 'X-Amz-Content-SHA256': b'[redacted]', 'Authorization': b'AWS4-HMAC-SHA256 Credential=[redacted]/20241120/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=[redacted]'}>
2024-11-20 09:12:20,977 - MainThread - botocore.httpsession - DEBUG - Certificate path: C:\Program Files\Amazon\AWSCLIV2\awscli\botocore\cacert.pem
2024-11-20 09:12:20,977 - MainThread - urllib3.connectionpool - DEBUG - Starting new HTTPS connection (1): s3.us-east-1.amazonaws.com:443
2024-11-20 09:12:21,367 - MainThread - botocore.endpoint - DEBUG - Exception received when sending HTTP request.
Traceback (most recent call last):
File "urllib3\connectionpool.py", line 716, in urlopen
File "urllib3\connectionpool.py", line 404, in _make_request
File "urllib3\connectionpool.py", line 1061, in _validate_conn
File "urllib3\connection.py", line 419, in connect
File "urllib3\util\ssl_.py", line 458, in ssl_wrap_socket
File "urllib3\util\ssl_.py", line 502, in _ssl_wrap_socket_impl
File "ssl.py", line 455, in wrap_socket
File "ssl.py", line 1041, in _create
File "ssl.py", line 1319, in do_handshake
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "awscli\botocore\httpsession.py", line 458, in send
File "urllib3\connectionpool.py", line 802, in urlopen
File "urllib3\util\retry.py", line 527, in increment
File "urllib3\packages\six.py", line 769, in reraise
File "urllib3\connectionpool.py", line 716, in urlopen
File "urllib3\connectionpool.py", line 404, in _make_request
File "urllib3\connectionpool.py", line 1061, in _validate_conn
File "urllib3\connection.py", line 419, in connect
File "urllib3\util\ssl_.py", line 458, in ssl_wrap_socket
File "urllib3\util\ssl_.py", line 502, in _ssl_wrap_socket_impl
File "ssl.py", line 455, in wrap_socket
File "ssl.py", line 1041, in _create
File "ssl.py", line 1319, in do_handshake
urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "awscli\botocore\endpoint.py", line 202, in _do_get_response
File "awscli\botocore\endpoint.py", line 282, in _send
File "awscli\botocore\httpsession.py", line 485, in send
botocore.exceptions.SSLError: SSL validation failed for https://s3.us-east-1.amazonaws.com/ [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)
2024-11-20 09:12:21,383 - MainThread - botocore.hooks - DEBUG - Event needs-retry.s3.ListBuckets: calling handler <function _update_status_code at 0x00000273B67816C0>
2024-11-20 09:12:21,398 - MainThread - botocore.hooks - DEBUG - Event needs-retry.s3.ListBuckets: calling handler <bound method RetryHandler.needs_retry of <botocore.retries.standard.RetryHandler object at 0x00000273B977ADE0>>
2024-11-20 09:12:21,398 - MainThread - botocore.retries.standard - DEBUG - Retry needed, retrying request after delay of: 0.07664610696868457
2024-11-20 09:12:21,398 - MainThread - botocore.hooks - DEBUG - Event needs-retry.s3.ListBuckets: calling handler <bound method S3RegionRedirectorv2.redirect_from_error of <botocore.utils.S3RegionRedirectorv2 object at 0x00000273B977AB70>>
2024-11-20 09:12:21,398 - MainThread - botocore.endpoint - DEBUG - Response received to retry, sleeping for 0.07664610696868457 seconds
2024-11-20 09:12:21,484 - MainThread - botocore.hooks - DEBUG - Event request-created.s3.ListBuckets: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x00000273B972C890>>
2024-11-20 09:12:21,484 - MainThread - botocore.hooks - DEBUG - Event choose-signer.s3.ListBuckets: calling handler <function set_operation_specific_signer at 0x00000273B6762C00>
2024-11-20 09:12:21,484 - MainThread - botocore.hooks - DEBUG - Event before-sign.s3.ListBuckets: calling handler <function remove_arn_from_signing_path at 0x00000273B6781260>
2024-11-20 09:12:21,484 - MainThread - botocore.hooks - DEBUG - Event before-sign.s3.ListBuckets: calling handler <bound method S3ExpressIdentityResolver.resolve_s3express_identity of <botocore.utils.S3ExpressIdentityResolver object at 0x00000273B977AE10>>
2024-11-20 09:12:21,484 - MainThread - botocore.auth - DEBUG - Calculating signature using v4 auth.
2024-11-20 09:12:21,484 - MainThread - botocore.auth - DEBUG - CanonicalRequest:
GET
/

host:s3.us-east-1.amazonaws.com
x-amz-content-sha256:[redacted]
x-amz-date:20241120T141221Z

host;x-amz-content-sha256;x-amz-date
[redacted]
2024-11-20 09:12:21,500 - MainThread - botocore.auth - DEBUG - StringToSign:
AWS4-HMAC-SHA256
20241120T141221Z
20241120/us-east-1/s3/aws4_request
[redacted]
2024-11-20 09:12:21,500 - MainThread - botocore.auth - DEBUG - Signature:
[redacted]
2024-11-20 09:12:21,500 - MainThread - botocore.endpoint - DEBUG - Sending http request: <AWSPreparedRequest stream_output=False, method=GET, url=https://s3.us-east-1.amazonaws.com/, headers={'User-Agent': b'aws-cli/2.22.0 md/awscrt#0.22.0 ua/2.0 os/windows#2019Server md/arch#amd64 lang/python#3.12.6 md/pyimpl#CPython cfg/retry-mode#standard md/installer#exe md/prompt#off md/command#s3.ls', 'X-Amz-Date': b'20241120T141221Z', 'X-Amz-Content-SHA256': b'[redacted]', 'Authorization': b'AWS4-HMAC-SHA256 Credential=[redacted]/20241120/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=[redacted]'}>
2024-11-20 09:12:21,500 - MainThread - botocore.httpsession - DEBUG - Certificate path: C:\Program Files\Amazon\AWSCLIV2\awscli\botocore\cacert.pem
2024-11-20 09:12:21,500 - MainThread - urllib3.connectionpool - DEBUG - Starting new HTTPS connection (2): s3.us-east-1.amazonaws.com:443
2024-11-20 09:12:21,875 - MainThread - botocore.endpoint - DEBUG - Exception received when sending HTTP request.
Traceback (most recent call last):
File "urllib3\connectionpool.py", line 716, in urlopen
File "urllib3\connectionpool.py", line 404, in _make_request
File "urllib3\connectionpool.py", line 1061, in _validate_conn
File "urllib3\connection.py", line 419, in connect
File "urllib3\util\ssl_.py", line 458, in ssl_wrap_socket
File "urllib3\util\ssl_.py", line 502, in _ssl_wrap_socket_impl
File "ssl.py", line 455, in wrap_socket
File "ssl.py", line 1041, in _create
File "ssl.py", line 1319, in do_handshake
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "awscli\botocore\httpsession.py", line 458, in send
File "urllib3\connectionpool.py", line 802, in urlopen
File "urllib3\util\retry.py", line 527, in increment
File "urllib3\packages\six.py", line 769, in reraise
File "urllib3\connectionpool.py", line 716, in urlopen
File "urllib3\connectionpool.py", line 404, in _make_request
File "urllib3\connectionpool.py", line 1061, in _validate_conn
File "urllib3\connection.py", line 419, in connect
File "urllib3\util\ssl_.py", line 458, in ssl_wrap_socket
File "urllib3\util\ssl_.py", line 502, in _ssl_wrap_socket_impl
File "ssl.py", line 455, in wrap_socket
File "ssl.py", line 1041, in _create
File "ssl.py", line 1319, in do_handshake
urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "awscli\botocore\endpoint.py", line 202, in _do_get_response
File "awscli\botocore\endpoint.py", line 282, in _send
File "awscli\botocore\httpsession.py", line 485, in send
botocore.exceptions.SSLError: SSL validation failed for https://s3.us-east-1.amazonaws.com/ [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)
2024-11-20 09:12:21,890 - MainThread - botocore.hooks - DEBUG - Event needs-retry.s3.ListBuckets: calling handler <function _update_status_code at 0x00000273B67816C0>
2024-11-20 09:12:21,906 - MainThread - botocore.hooks - DEBUG - Event needs-retry.s3.ListBuckets: calling handler <bound method RetryHandler.needs_retry of <botocore.retries.standard.RetryHandler object at 0x00000273B977ADE0>>
2024-11-20 09:12:21,906 - MainThread - botocore.retries.standard - DEBUG - Retry needed, retrying request after delay of: 0.7108172793225123
2024-11-20 09:12:21,906 - MainThread - botocore.hooks - DEBUG - Event needs-retry.s3.ListBuckets: calling handler <bound method S3RegionRedirectorv2.redirect_from_error of <botocore.utils.S3RegionRedirectorv2 object at 0x00000273B977AB70>>
2024-11-20 09:12:21,906 - MainThread - botocore.endpoint - DEBUG - Response received to retry, sleeping for 0.7108172793225123 seconds
2024-11-20 09:12:22,628 - MainThread - botocore.hooks - DEBUG - Event request-created.s3.ListBuckets: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x00000273B972C890>>
2024-11-20 09:12:22,628 - MainThread - botocore.hooks - DEBUG - Event choose-signer.s3.ListBuckets: calling handler <function set_operation_specific_signer at 0x00000273B6762C00>
2024-11-20 09:12:22,628 - MainThread - botocore.hooks - DEBUG - Event before-sign.s3.ListBuckets: calling handler <function remove_arn_from_signing_path at 0x00000273B6781260>
2024-11-20 09:12:22,628 - MainThread - botocore.hooks - DEBUG - Event before-sign.s3.ListBuckets: calling handler <bound method S3ExpressIdentityResolver.resolve_s3express_identity of <botocore.utils.S3ExpressIdentityResolver object at 0x00000273B977AE10>>
2024-11-20 09:12:22,628 - MainThread - botocore.auth - DEBUG - Calculating signature using v4 auth.
2024-11-20 09:12:22,644 - MainThread - botocore.auth - DEBUG - CanonicalRequest:
GET
/

host:s3.us-east-1.amazonaws.com
x-amz-content-sha256:[redacted]
x-amz-date:20241120T141222Z

host;x-amz-content-sha256;x-amz-date
[redacted]
2024-11-20 09:12:22,644 - MainThread - botocore.auth - DEBUG - StringToSign:
AWS4-HMAC-SHA256
20241120T141222Z
20241120/us-east-1/s3/aws4_request
[redacted]
2024-11-20 09:12:22,644 - MainThread - botocore.auth - DEBUG - Signature:
[redacted]
2024-11-20 09:12:22,644 - MainThread - botocore.endpoint - DEBUG - Sending http request: <AWSPreparedRequest stream_output=False, method=GET, url=https://s3.us-east-1.amazonaws.com/, headers={'User-Agent': b'aws-cli/2.22.0 md/awscrt#0.22.0 ua/2.0 os/windows#2019Server md/arch#amd64 lang/python#3.12.6 md/pyimpl#CPython cfg/retry-mode#standard md/installer#exe md/prompt#off md/command#s3.ls', 'X-Amz-Date': b'20241120T141222Z', 'X-Amz-Content-SHA256': b'[redacted]', 'Authorization': b'AWS4-HMAC-SHA256 Credential=[redacted]/20241120/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=[redacted]'}>
2024-11-20 09:12:22,644 - MainThread - botocore.httpsession - DEBUG - Certificate path: C:\Program Files\Amazon\AWSCLIV2\awscli\botocore\cacert.pem
2024-11-20 09:12:22,675 - MainThread - urllib3.connectionpool - DEBUG - Starting new HTTPS connection (3): s3.us-east-1.amazonaws.com:443
2024-11-20 09:12:23,019 - MainThread - botocore.endpoint - DEBUG - Exception received when sending HTTP request.
Traceback (most recent call last):
File "urllib3\connectionpool.py", line 716, in urlopen
File "urllib3\connectionpool.py", line 404, in _make_request
File "urllib3\connectionpool.py", line 1061, in _validate_conn
File "urllib3\connection.py", line 419, in connect
File "urllib3\util\ssl_.py", line 458, in ssl_wrap_socket
File "urllib3\util\ssl_.py", line 502, in _ssl_wrap_socket_impl
File "ssl.py", line 455, in wrap_socket
File "ssl.py", line 1041, in _create
File "ssl.py", line 1319, in do_handshake
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "awscli\botocore\httpsession.py", line 458, in send
File "urllib3\connectionpool.py", line 802, in urlopen
File "urllib3\util\retry.py", line 527, in increment
File "urllib3\packages\six.py", line 769, in reraise
File "urllib3\connectionpool.py", line 716, in urlopen
File "urllib3\connectionpool.py", line 404, in _make_request
File "urllib3\connectionpool.py", line 1061, in _validate_conn
File "urllib3\connection.py", line 419, in connect
File "urllib3\util\ssl_.py", line 458, in ssl_wrap_socket
File "urllib3\util\ssl_.py", line 502, in _ssl_wrap_socket_impl
File "ssl.py", line 455, in wrap_socket
File "ssl.py", line 1041, in _create
File "ssl.py", line 1319, in do_handshake
urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "awscli\botocore\endpoint.py", line 202, in _do_get_response
File "awscli\botocore\endpoint.py", line 282, in _send
File "awscli\botocore\httpsession.py", line 485, in send
botocore.exceptions.SSLError: SSL validation failed for https://s3.us-east-1.amazonaws.com/ [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)
2024-11-20 09:12:23,035 - MainThread - botocore.hooks - DEBUG - Event needs-retry.s3.ListBuckets: calling handler <function _update_status_code at 0x00000273B67816C0>
2024-11-20 09:12:23,035 - MainThread - botocore.hooks - DEBUG - Event needs-retry.s3.ListBuckets: calling handler <bound method RetryHandler.needs_retry of <botocore.retries.standard.RetryHandler object at 0x00000273B977ADE0>>
2024-11-20 09:12:23,050 - MainThread - botocore.retries.standard - DEBUG - Max attempts of 3 reached.
2024-11-20 09:12:23,050 - MainThread - botocore.retries.standard - DEBUG - Not retrying request.
2024-11-20 09:12:23,050 - MainThread - botocore.hooks - DEBUG - Event needs-retry.s3.ListBuckets: calling handler <bound method S3RegionRedirectorv2.redirect_from_error of <botocore.utils.S3RegionRedirectorv2 object at 0x00000273B977AB70>>
2024-11-20 09:12:23,050 - MainThread - awscli.clidriver - DEBUG - Exception caught in main()
Traceback (most recent call last):
File "urllib3\connectionpool.py", line 716, in urlopen
File "urllib3\connectionpool.py", line 404, in _make_request
File "urllib3\connectionpool.py", line 1061, in _validate_conn
File "urllib3\connection.py", line 419, in connect
File "urllib3\util\ssl_.py", line 458, in ssl_wrap_socket
File "urllib3\util\ssl_.py", line 502, in _ssl_wrap_socket_impl
File "ssl.py", line 455, in wrap_socket
File "ssl.py", line 1041, in _create
File "ssl.py", line 1319, in do_handshake
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "awscli\botocore\httpsession.py", line 458, in send
File "urllib3\connectionpool.py", line 802, in urlopen
File "urllib3\util\retry.py", line 527, in increment
File "urllib3\packages\six.py", line 769, in reraise
File "urllib3\connectionpool.py", line 716, in urlopen
File "urllib3\connectionpool.py", line 404, in _make_request
File "urllib3\connectionpool.py", line 1061, in _validate_conn
File "urllib3\connection.py", line 419, in connect
File "urllib3\util\ssl_.py", line 458, in ssl_wrap_socket
File "urllib3\util\ssl_.py", line 502, in _ssl_wrap_socket_impl
File "ssl.py", line 455, in wrap_socket
File "ssl.py", line 1041, in _create
File "ssl.py", line 1319, in do_handshake
urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "awscli\clidriver.py", line 499, in main
File "awscli\customizations\commands.py", line 152, in __call__
File "awscli\customizations\commands.py", line 206, in __call__
File "awscli\customizations\s3\subcommands.py", line 538, in _run_main
File "awscli\customizations\s3\subcommands.py", line 610, in _list_all_buckets
File "awscli\botocore\paginate.py", line 252, in __iter__
File "awscli\botocore\paginate.py", line 329, in _make_request
File "awscli\botocore\client.py", line 364, in _api_call
File "awscli\botocore\client.py", line 730, in _make_api_call
File "awscli\botocore\client.py", line 750, in _make_request
File "awscli\botocore\endpoint.py", line 104, in make_request
File "awscli\botocore\endpoint.py", line 158, in _send_request
File "awscli\botocore\endpoint.py", line 202, in _do_get_response
File "awscli\botocore\endpoint.py", line 282, in _send
File "awscli\botocore\httpsession.py", line 485, in send
botocore.exceptions.SSLError: SSL validation failed for https://s3.us-east-1.amazonaws.com/ [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)

SSL validation failed for https://s3.us-east-1.amazonaws.com/ [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)

Reproduction Steps

Was able to reproduce on several Windows Server 2019 systems

Possible Solution

No response

Additional Information/Context

There is no network proxying/filtering occurring in this environment. It was previously working with the previous aws cli 2.21.3 build.

CLI version used

aws-cli/2.22.0 Python/3.12.6 Windows/2019Server exe/AMD64

Environment details (OS name and version, etc.)

Windows 2019 - latest build/patch (November 2024)

@robertriskin robertriskin added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Nov 20, 2024
@github-actions github-actions bot added the potential-regression Marking this issue as a potential regression to be checked by team member label Nov 20, 2024
@robertriskin
Author

Please disregard. Cisco Umbrella added s3.us-east-1.amazonaws.com to a blocklist on 2024/11/18. Bad timing! Issue is resolved and was related to Umbrella blocking categories. Apologies!


This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.
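
The root cause reported in this thread was a filtering product answering for the S3 endpoint, which the CLI surfaces only as an untrusted issuer. The following is an added example, not code from the issue or the AWS CLI project: it groups these failures from a `--debug` log and, through `served_cert`, fetches the certificate actually being served so its issuer can be compared with the expected one. The third sample line, the `HINTS` text and the function names are constructed for illustration.

```python
import hashlib
import re
import socket
import ssl
from urllib.parse import urlsplit

# Two lines taken from the debug output above plus one constructed contrast line.
SAMPLE_LOG = """\
botocore.exceptions.SSLError: SSL validation failed for https://s3.us-east-1.amazonaws.com/ [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)
SSL validation failed for https://s3.us-east-1.amazonaws.com/ [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)
SSL validation failed for https://sts.example.invalid/ [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1000)
"""

FAILURE = re.compile(
    r"SSL validation failed for (?P<url>\S+) \[SSL: CERTIFICATE_VERIFY_FAILED\] "
    r"certificate verify failed: (?P<reason>.+?) \(_ssl\.c:\d+\)")

# First check per OpenSSL verify reason (added guidance, not botocore output).
HINTS = {
    "unable to get local issuer certificate":
        "served chain ends at an issuer the client does not trust: compare the served "
        "certificate with the expected one (filtering/inspection product, CA bundle override)",
    "certificate has expired": "check the host clock and the served certificate's validity dates",
}

def triage(log_text):
    """Group verification failures by (host, reason) and attach a first check."""
    found = {}
    for m in FAILURE.finditer(log_text):
        key = (urlsplit(m["url"]).hostname, m["reason"])
        item = found.setdefault(key, {"host": key[0], "reason": key[1], "count": 0,
                                      "hint": HINTS.get(key[1], "unclassified")})
        item["count"] += 1
    return list(found.values())

def served_cert(host, port=443, timeout=5.0):
    """Live check: fetch the leaf certificate as served, unverified, for inspection only."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # must be cleared before verify_mode is relaxed
    ctx.verify_mode = ssl.CERT_NONE  # handshake only; no request is sent
    with socket.create_connection((host, port), timeout=timeout) as sock:
        peer_ip = sock.getpeername()[0]
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    return {"peer_ip": peer_ip, "sha256": hashlib.sha256(der).hexdigest(),
            "pem": ssl.DER_cert_to_PEM_cert(der)}

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Running `served_cert("s3.us-east-1.amazonaws.com")` on the affected host and on a known-good network, then comparing `peer_ip` and the issuer of the returned PEM, shows whether something other than the real endpoint is answering.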
