Why can't I install a vagrant environment with chef? certificate verify failed (OpenSSL::SSL::SSLError)

Question

My environment:

OS: Mac 10.10.1
rbenv: rbenv 0.4.0-129-g7e0e85b
Ruby: ruby 2.1.5p273 (2014-11-13 revision 48405) [x86_64-darwin14.0]

My Vagrantfile:

# -*- mode: ruby -*-
# vi: set ft=ruby :

VAGRANTFILE_API_VERSION = "2"

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  # Use Ubuntu 14.04 Trusty Tahr 64-bit as our operating system
  config.vm.box = "precise32"

  # Configurate the virtual machine to use 2GB of RAM
  config.vm.provider :virtualbox do |vb|
    vb.customize ["modifyvm", :id, "--memory", "2048"]
  end

  # Forward the Rails server default port to the host
  config.vm.network :forwarded_port, guest: 3000, host: 3000

  # Use Chef Solo to provision our virtual machine
  config.vm.provision :chef_solo do |chef|
    chef.cookbooks_path = ["cookbooks", "site-cookbooks"]

    chef.add_recipe "apt"
    chef.add_recipe "nodejs"
    chef.add_recipe "ruby_build"
    chef.add_recipe "rbenv::user"
    chef.add_recipe "rbenv::vagrant"
    chef.add_recipe "vim"
    chef.add_recipe "mysql::server"
    chef.add_recipe "mysql::client"

    # Install Ruby 2.1.2 and Bundler
    # Set an empty root password for MySQL to make things simple
    chef.json = {
      rbenv: {
        user_installs: [{
          user: 'vagrant',
          rubies: ["2.1.2"],
          global: "2.1.2",
          gems: {
            "2.1.2" => [
              { name: "bundler" }
            ]
          }
        }]
      },
      mysql: {
        server_root_password: ''
      }
    }
  end
end

My Cheffile:

site "http://community.opscode.com/api/v1"

cookbook 'apt'
cookbook 'build-essential'
cookbook 'mysql'
cookbook 'ruby_build'
cookbook 'nodejs', git: 'https://github.com/mdxp/nodejs-cookbook'
cookbook 'rbenv', git: 'https://github.com/fnichol/chef-rbenv'
cookbook 'vim'

After I run vagrant up, I got these errors:

➜ MY_RAILS_PROJECT vagrant up
/Applications/Vagrant/embedded/gems/gems/vagrant-1.3.5/lib/vagrant/util/which.rb:32: warning: Insecure world writable dir /usr/local/bin in PATH, mode 040777
Bringing machine 'default' up with 'virtualbox' provider...
[default] Importing base box 'precise32'...
[default] Matching MAC address for NAT networking...
[default] Setting the name of the VM...
[default] Clearing any previously set forwarded ports...
[default] Installing Chef cookbooks with Librarian-Chef...
[default] Destroying VM and associated drives...
[default] Running cleanup tasks for 'chef_solo' provisioner...
/Applications/Vagrant/embedded/lib/ruby/1.9.1/net/http.rb:800:in `connect': SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed (OpenSSL::SSL::SSLError)
from /Applications/Vagrant/embedded/lib/ruby/1.9.1/net/http.rb:800:in `block in connect'
from /Applications/Vagrant/embedded/lib/ruby/1.9.1/timeout.rb:55:in `timeout'
from /Applications/Vagrant/embedded/lib/ruby/1.9.1/timeout.rb:100:in `timeout'
from /Applications/Vagrant/embedded/lib/ruby/1.9.1/net/http.rb:800:in `connect'
from /Applications/Vagrant/embedded/lib/ruby/1.9.1/net/http.rb:756:in `do_start'
from /Applications/Vagrant/embedded/lib/ruby/1.9.1/net/http.rb:745:in `start'
from /Users/jingqiangzhang/.vagrant.d/gems/gems/librarian-chef-0.0.4/lib/librarian/chef/source/site.rb:353:in `block in http_get'

I have found this article:

• http://railsapps.github.io/openssl-certificate-verify-failed.html

I can confirm my openssl version:

➜  MY_RAILS_PROJECT  openssl version
OpenSSL 1.0.1j 15 Oct 2014

I don't know what's the reason.

Answer 1

Change your site to https://supermarket.chef.io/api/v1. If that still fails, you'll need to update your TLS CA data. I'm not sure how Vagrant deals with this, but you can try using certifi if you have a working Python install:

pip install certifi
export SSL_CERT_FILE="$(python -m certifi)"