using straight curl alone seems to work fine. i had a co-worker confirm
rykelley@EOS01:~$ curl -I
HTTP/1.1 200 OK
Date: Thu, 18 Dec 2014 18:52:41 GMT
Last-Modified: Fri, 14 Nov 2014 02:57:44 GMT
how do i find how vagrant is calling curl ?
On Thu Dec 18 2014 at 11:16:01 AM Daniel DeLeo email@example.com wrote:
On Thursday, December 18, 2014 at 9:58 AM, Ryan Kelley wrote:
i’m running into this issue with the out of the box install of ChefDK on
both a OSX system and Ubuntu. using chef generate cookbook and getting the
default .kitchen.yml file and then running kitchen create to pull down and
create the box. i’m getting an error at what i’m assuming is the embedded
curl operation to pull down opscode ubuntu or centos box i get this
Message: Failed to complete #create action: [Expected
process to exit with , but received ‘1’
---- Begin output of vagrant up --no-provision --provider=virtualbox ----
STDOUT: Bringing machine ‘default’ up with ‘virtualbox’ provider…
==> default: Box ‘opscode-ubuntu-12.04’ could not be found. Attempting
to find and install…
default: Box Provider: virtualbox
default: Box Version: >= 0
==> default: Adding box ‘opscode-ubuntu-12.04’ (v0) for provider:
default: Downloading: https://opscode-vm-bento.s3.amazonaws.com/vagrant/
SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn’t adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you’d like to turn off curl’s verification of the certificate, use
the -k (or --insecure) option
this has to be a bug seeing that myself and other co-workers are getting
the same error with DK 3.5.1 .
i have tried adding the embedded SSL cert in the chefdk package to my
local cert store , no dice. on my mac i have set insecure globally for curl
in .curlrc which works ( i dont want this to be the fix) ,that does not
work on my linux machines. i’m running the support versions of ubuntu for
DK. really need to figure out what i’m doing wrong and how to fix it.
Can you determine which copy of curl vagrant is using, and what CA cert
bundle curl is using? Also, are you unable to make any HTTPS requests, or
just to S3, e.g., what does
curl -I https://google.comsay?
I wonder if this is the same issue as https://github.com/opscode/
chef-dk/issues/199#issuecomment-60644778 In short, some root certs got
removed from the curl CA bundle because they’re using SHA1, but AWS’s cert
is signed by one of these, so you need it.