Terraform S3 Certificate Error – Fixing x509 Certificate Validation for IP SANs

amazon-s3 terraform

I'm using S3 to save my state. Since this is a custom S3 (and not AWS), I configured it as shown below (using IP + port).

When running terraform init I received this error:

Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.

Error refreshing state: RequestError: send request failed
caused by: Get "https://custom_S3_server_IP:8082/mytest/my_sub_folder/terraform.tfstate":
x509: cannot validate certificate for custom_S3_server_IP because it doesn't contain any IP SANs

Usually when I encounter an issue like this, I assume it is endpoint (DNS) verification.
But it seems like I can't disable it using Terraform. Here is my S3 config:

  backend "s3" {
    region = "DEGO"
    skip_region_validation = true
    force_path_style = true
    bucket = "mytest"
    key = "my_sub_folder/terraform.tfstate"
    access_key = "myK"
    secret_key = "myS"
    endpoint = "custom_S3_server_IP:8082"
  } 

Edit:
I know that the certificate doesn't contain the IP which is entered, but in every client which has this issue, there is always a way to disable the DNS verification.
E.g. Terraform aws implementation can use the "--no-verify-ssl" option to overcome this, but I couldn't find any property which uses something like this.

Best Answer

Your S3 server's TLS certificate doesn't have the IP address listed in its Subject Alternative Name field. You need to use a proper certificate in your S3 server that has this.

An easier alternative is to use a DNS name in the URL and make sure your certificate has the DNS name in its SAN field.
