Common Errors (All S3 Providers) Print

This article covers the most common errors encountered when configuring AWS S3 or S3-compatible storage providers in the hTech OS Backup Module, including provider-specific quirks and fixes.

Common Errors (All S3 Providers)

Access Denied / 403 Forbidden

Cause: Access key lacks required permissions.

Fix:

• Verify access key and secret key
• Confirm bucket name
• Ensure permissions include:
  • s3:PutObject
  • s3:GetObject
  • s3:ListBucket
  • s3:DeleteObject

SignatureDoesNotMatch

Cause: Region, endpoint, or secret key mismatch.

Fix:

• Re-enter secret key carefully
• Confirm correct region
• Verify correct endpoint URL

Bucket Does Not Exist

Cause: Incorrect bucket name or region.

Fix:

• Check bucket spelling
• Verify region matches the bucket

Wasabi-Specific Issues

Error: “The authorization header is malformed”

Cause: Incorrect region or endpoint configuration.

Fix:

• Ensure the region matches the Wasabi bucket region (e.g. us-east-1)
• Use the correct endpoint format:
  https://s3.<region>.wasabisys.com
• Do not include the bucket name in the endpoint

Error: “Access Denied” with valid credentials

Cause: Wasabi enforces strict bucket-level permissions.

Fix:

• Confirm the access key has full access to the bucket
• Ensure the bucket policy does not restrict object writes

Backblaze B2 (S3-Compatible API) Issues

Error: “InvalidAccessKeyId”

Cause: Application key is incorrect or lacks S3 permissions.

Fix:

• Use an Application Key (not the master account key)
• Ensure the application key has access to the correct bucket
• Confirm the key is enabled for S3-compatible access

Error: “SignatureDoesNotMatch”

Cause: Incorrect endpoint or region.

Fix:

• Use the correct Backblaze S3 endpoint:
  https://s3.<region>.backblazeb2.com
• Set region to the region shown in the Backblaze bucket settings

Error: Test Connection Works but Upload Fails

Cause: Missing write permissions on the bucket.

Fix:

• Ensure the application key allows write access
• Verify the bucket is not read-only

Cloudflare R2 Issues

Error: “Access Denied” or “403”

Cause: R2 requires explicit bucket permissions.

Fix:

• Confirm the R2 API token includes read and write permissions
• Verify the token is scoped to the correct bucket

Error: “PermanentRedirect” or Region Errors

Cause: Cloudflare R2 does not use traditional AWS regions.

Fix:

• Set region to auto or a provider-recommended value
• Use the account-specific endpoint provided by Cloudflare

Error: “Invalid Endpoint”

Cause: Incorrect R2 endpoint format.

Fix:

• Use the full HTTPS endpoint:
  https://<accountid>.r2.cloudflarestorage.com
• Do not include bucket name or paths in the endpoint

General Best Practices

• Create a dedicated bucket for backups
• Use a dedicated access key or token
• Grant only required permissions
• Always use the Test Connection button
• Run a manual backup before enabling scheduled backups

Still Having Issues?

If problems persist:

• Enable module debug logging
• Review the module Activity Log
• Confirm outbound HTTPS (port 443) is allowed
• Contact support with the exact error message and timestamp