Rclone to Amazon Drive on mac with launchd

rclone v1.35, just installed on mac (Sierra)

Created a shell script with the following command:
/usr/local/bin/rclone --config /Users/xxx/.rclone.conf sync /Users/xxx/ResilioSync CloudDrive:Imac-ResilioSync

When I run shell script logged in as xxx it works fine, also as root.

Want to move to launchd as daemon and run daily, so under /Library/LaunchDaemons, I added:

cat com.xxx.awsbackup.plist

<?xml version="1.0" encoding="UTF-8"?> Label com.xxx.awsbackup

UserName
xxx

ProgramArguments

/Users/xxx/backup/rclone_backup.sh

Nice
1

StartCalendarInterval

Hour
11
Minute
0

RunAtLoad

StandardErrorPath
/Users/xxx/backup/rclone_backup.error

StandardOutPath
/Users/xxx/backup/rclone_backup.log

When I launchd load, it starts to run but errors out with the following:

#cat rclone_backup.error
2017/03/04 14:00:23 Failed to create file system for "CloudDrive:Imac-ResilioSync": failed to get endpoints: Get https://drive.amazonaws.com/drive/v1/account/endpoint: x509: certificate signed by unknown authority

Side note: I have seen this now and then when running manually on other machines, but ‘sudo’ always succeeds.

Any tips appreciated!

Your filters stripped the details, one more time with MD syntax

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key>
  <string>com.xxx.awsbackup</string>

  <key>UserName</key>
  <string>xxx</string>

  <key>ProgramArguments</key>
  <array>
    <string>/Users/xxx/backup/rclone_backup.sh</string>
  </array>

  <key>Nice</key>
  <integer>1</integer>

  <key>StartCalendarInterval</key>
  <dict>
    <key>Hour</key>
    <integer>11</integer>
    <key>Minute</key>
    <integer>0</integer>
  </dict>
  <key>RunAtLoad</key>
  <true/>

  <key>StandardErrorPath</key>
  <string>/Users/xxx/backup/rclone_backup.error</string>

  <key>StandardOutPath</key>
  <string>/Users/xxx/backup/rclone_backup.log</string>
</dict>
</plist>