# TASK: [wp-cli | Install WP-CLI tab completions]

**URL:** https://discourse.roots.io/t/task-wp-cli-install-wp-cli-tab-completions/5708
**Category:** trellis
**Created:** 2016-01-16T14:59:25Z
**Posts:** 8
**Showing post:** 7 of 8

## Post 7 by @fullyint — 2016-06-29T19:55:52Z

@max I’m afraid I don’t have a good answer for you. My first suggestion would be to try again after waiting a bit. I tried creating a fresh vm and couldn’t reproduce the problem.

If you have the option of turning on a VPN for your control machine, doing so should change your IP and could get around any potential rate-limiting, if relevant. That _may_ have worked for me once when I think GitHub was rate-limiting me after a few provision attempts, or maybe it was just a coincidence. However, I realize the relevant domain is [getcomposer.org](http://getcomposer.org), not GitHub.

If you haven’t already, check that you’re using Ansible 2.0.2.0 and Vagrant 1.8.1 (1.8.4 is not working for everybody). You could then

- `vagrant box update` (e.g., to use the latest `ubuntu/trusty64` with provider `virtualbox` version `20160627.0.0`)
- back up mysql db on vm (if somehow you did anything with the db)
- `vagrant destroy -f && vagrant up` to completely rebuild the vm

If that doesn’t fix it, we can consider the error message, which I understand to be Ansible offering suggestions of what to check in the event of [ssl.SSLError or socket.error](https://github.com/ansible/ansible/blob/v2.0.2.0-1/lib/ansible/module_utils/urls.py#L625-L638) rather than exact diagnostics of the problem. You probably saw something like

```
msg: Failed to validate the SSL certificate for getcomposer.org:443.
Make sure your managed systems have a valid CA certificate installed. 
If the website serving the url uses SNI you need python >= 2.7.9 on your managed machine. 
You can use validate_certs=False if you do not need to confirm the server\s identity but this is unsafe and not recommended.
Paths checked for this platform: /etc/ssl/certs, /etc/pki/ca-trust/extracted/pem, /etc/pki/tls/certs, /usr/share/ca-certificates/cacert.org, /etc/ansible
```

- I doubt the problem is a missing/obsolete CA certificate on the vm because your `curl` and `wget` succeed.
- I doubt it is an SNI or python version problem because I get the same cert in response to these commands:

```
# not applying SNI
openssl s_client -connect getcomposer.org:443 | openssl x509 -noout -text

# applying SNI by specifying -servername
openssl s_client -connect getcomposer.org:443 -servername getcomposer.org | openssl x509 -noout -text
```

If trying later doesn’t work, and a VPN doesn’t work, you may have to do a little more digging, or try a temporary dirty hack and adjust the offending task in the `vendor/roles` directory, either setting the `validate_certs` option to `false` ([docs](http://docs.ansible.com/ansible/get_url_module.html)), which is insecure, or change the task to use `curl`.

---

_[View the full topic](https://discourse.roots.io/t/task-wp-cli-install-wp-cli-tab-completions/5708)._
