Private Box cannot be found

[Cbeck527]

Vagrant version

$ vagrant --version
Vagrant 1.8.7

Host operating system

macOS Sierra 10.12.1

Darwin beckbook-pro 16.1.0 Darwin Kernel Version 16.1.0: Thu Oct 13 21:26:57 PDT 2016; root:xnu-3789.21.3~60/RELEASE_X86_64 x86_64

Guest operating system

Custom Ubuntu 14.04 OS built with packer

Vagrantfile

sensitive info redacted

Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  config.vm.hostname = "v-app"
  config.vm.box = "warbyparker/PRIVATE_BOX_NAME"
  config.vm.network :private_network, ip: "192.168.250.10"
  config.ssh.insert_key = false
  config.vm.synced_folder ".", "/opt/wp/app",
                          owner: "app",
                          group: "vagrant",
                          mount_options: ["dmode=775,fmode=775"]
  config.vm.provider "virtualbox" do |v|
    v.cpus = 2
    v.memory = 4096
  end
  config.vm.provider "vmware_fusion" do |v, override|
    v.cpus = 2
    v.memory = 4096
  end
end

Debug output

sensitive info redacted from logs
https://gist.github.com/Cbeck527/c852eeb0474beef0c9f578379b97a181

Expected behavior

Vagrant is able to download the private box

Actual behavior

The box 'warbyparker/box_name' could not be found or
could not be accessed in the remote catalog. If this is a private
box on HashiCorp's Atlas, please verify you're logged in via
`vagrant login`. Also, please double-check the name. The expanded
URL and error message are shown below:

URL: ["https://atlas.hashicorp.com/warbyparker/box_name"]

Steps to reproduce

1. Run vagrant version 1.8.7
2. vagrant box add orgname/private_box_name

This break happened somewhere between 1.8.6 and 1.8.7 - a colleague's machine encountered this error, and I was unable to reproduce until upgrade to the latest (1.8.7 as of 2016-11-10)

References

I was unable to find similar issues, but this seems very similar to one I worked with the team on before: #6776

edit: after digging into the debug logs and discovering it was an SSL issue (comment below) searching through github issues was more helpful

[Cbeck527]

From what I can tell, it seems to boil down to some SSL issues with the embedded cURL? After having a look at the debug output and running the cURL command manually, this is what I get:

$ /opt/vagrant/embedded/bin/curl -I -q --fail --location --max-redirs 10 \
--user-agent "Vagrant/1.8.7 (+https://www.vagrantup.com; ruby2.2.5)" --continue-at "-" \
-H "Accept: application/json" \
"https://atlas.hashicorp.com/warbyparker/helios_omnibus?access_token=$ATLAS_TOKEN"

curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

[Cbeck527]

Well this seems like a dupe of #7970

For those of you who stumble upon this - Vagrant can fall back to the system curl command if you remove the embedded binary.

This is hacky, but will fix it:

$ sudo rm -rf /opt/vagrant/embedded/bin/curl

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.