When connecting Veeam up to Wasabi for the first time, or after there have been network-related changes, you may encounter the error "Failed to retrieve certificate". This is an indication that your Veeam Backup & Replication server is unable to reach the Wasabi service and validate the certificate.
Example Error Message:
11/2/2020 4:22:01 AM :: Failed to offload backup Error: Failed to retrieve certificate from https://s3.us-east-2.wasabisys.com/
11/2/2020 4:22:01 AM :: Failed to retrieve certificate from https://s3.us-east-2.wasabisys.com/
11/1/2020 5:14:30 PM :: Processing Error: Failed to retrieve certificate from https://s3.us-east-2.wasabisys.com/
11/1/2020 5:15:58 PM :: Failed to offload backup Error: Failed to retrieve certificate from https://s3.us-east-2.wasabisys.com/
Here is a list of things you can do in order to verify connectivity:
- Verify that your Veeam server has internet access to the URLs listed in our Wasabi Service URLs KB Article.
- Make sure outbound access using TCP is allowed on port 443 to URLs being used by your buckets in your firewall. If the firewall uses IP Address/Subnets for an allow list, use our Firewall Whitelist KB Article to determine the subnet range for your bucket.
- If your network requires the use of a network proxy such as a SOCKS5 proxy, verify that you have configured the correct proxy URL for use with Veeam. If the proxy is blocking Wasabi, you may have to request a proxy bypass from your networking team or have the Wasabi URLs allowed through it.
- If your network uses an SSL Decryption device in order to inspect encrypted traffic, it may be required to bypass this decryption, otherwise the connection will fail.
- In certain cases, we have seen incorrectly configured MTU settings generate this error. The typical setting is 1500. If you are using Jumbo Frames, validate that your network supports this and also allows for proper Path MTU Discovery (PMTUD).