@ylangisc commented

The Amazon SSL certificate is a wildcard certificate for '*.s3.amazonaws.com'. As we have a bucket 'cyberduck.ch' this leads to a hostname with an additional level -> 'cyberduck.ch.s3.amazonaws.com'. According to the memo RFC2818 this identity does not match the certificate. Section 3.1 says:

...
If more than one identity of a given type is present in
the certificate (e.g., more than one dNSName name, a match in any one
of the set is considered acceptable.) Names may contain the wildcard
character * which is considered to match any single domain name
component or component fragment. E.g., .a.com matches foo.a.com but
not bar.foo.a.com. f.com matches foo.com but not bar.com.
...

To prevent the warning page we should choose a different bucket or we don't use SSL for distribution anymore. The link you got is also valid with http:// instead of https://.