thanks for pointing me in the right direction. it's a bug with vagrants
cert store.
opened 11:31PM - 16 Dec 14 UTC
closed 08:52PM - 06 Jan 15 UTC
bug
upstream
I can't `vagrant up` or `vagrant box add` this puppetlabs Vagrant Cloud box on U… buntu 14.04 x64 and Vagrant 1.7.1 x64 or 1.7.0 x64 (downloaded and installed the `.deb` from the Vagrant website). I get this error message from cURL.
``` text
$ vagrant box add puppetlabs/centos-6.5-64-puppet --force
==> box: Loading metadata for box 'puppetlabs/centos-6.5-64-puppet'
box: URL: https://atlas.hashicorp.com/puppetlabs/centos-6.5-64-puppet
This box can work with multiple providers! The providers that it
can work with are listed below. Please review the list and choose
the provider you will be working with.
1) virtualbox
2) vmware_desktop
3) vmware_fusion
Enter your choice: 1
==> box: Adding box 'puppetlabs/centos-6.5-64-puppet' (v1.0.0) for provider: virtualbox
box: Downloading: https://atlas.hashicorp.com/puppetlabs/boxes/centos-6.5-64-puppet/
versions/1.0.0/providers/virtualbox.box
An error occurred while downloading the remote file. The error
message, if any, is reproduced below. Please fix this error and try
again.
SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
```
I can download the box directly using the system cURL
``` text
$ curl -O -L https://vagrantcloud.com/puppetlabs/boxes/centos-6.5-64-puppet/versions/1.0.0/providers/virtualbox.box
```
and the Vagrant embedded cURL
``` text
$ /opt/vagrant/bin/../embedded/bin/curl -O -L https://vagrantcloud.com/puppetlabs/boxes/centos-6.5-64-puppet/versions/1.0.0/providers/virtualbox.box
```
I downgraded to Vagrant 1.6.5 x64 from the `.deb` on the website and tried again and it worked.
---
Here's the [command debug log](https://gist.github.com/AnthonyMastrean/23bc15b7bf9fb59c4cb4)
the workaround is on the bottom and i just confirmed it works.
On Thu Dec 18 2014 at 12:34:08 PM Daniel DeLeo dan@kallistec.com wrote:
On Thursday, December 18, 2014 at 10:54 AM, Ryan Kelley wrote:
using straight curl alone seems to work fine. i had a co-worker confirm
also.
rykelley@EOS01:~$ curl -I https://opscode-omnibus-
packages.s3.amazonaws.com/windows/2008r2/x86_64/chefdk-0.3.5-1.msi
HTTP/1.1 200 OK
x-amz-id-2: w6BxBcDRByJUndEiNPu8sEXVmdsKx/r6XweQXrTmX7nVk5U3NyzJ1qw0s8+
FT2soQfjHUBSn+9E=
x-amz-request-id: 855D326C32841822
Date: Thu, 18 Dec 2014 18:52:41 GMT
Last-Modified: Fri, 14 Nov 2014 02:57:44 GMT
ETag: "39a194da347481a41f88f0b02bc0fcc6"
Accept-Ranges: bytes
Content-Type: application/x-msi
Content-Length: 229429754
Server: AmazonS3
how do i find how vagrant is calling curl ?
I poked around in the /Applications/Vagrant directory on my mac and it
looks like vagrant is bundling its own version of curl and its own
cacert.pem (though I haven’t upgraded vagrant in forever, I have 1.4.2).
Are you always seeing the errors from vagrant downloading boxes from S3
like in your original post, or do you get them during other operations as
well? If you’re only seeing errors from vagrant, it’s possible they got bit
by the Curl CA cert thing I linked. You might want to peruse their issue
tracker to see if it’s been reported and fixed.
--
Daniel DeLeo