Vagrant up returns "failed to download the file"

I had a old Trellis stack working perfectly and today I was tried to use it but when I run vagrant up I got this error:

    default: Running ansible-galaxy...
- downloading role 'composer', owned by geerlingguy
- downloading role from https://github.com/geerlingguy/ansible-role-composer/archive/1.5.0.tar.gz
 [ERROR]: failed to download the file: Failed to validate the SSL certificate
for github.com:443. Make sure your managed systems have a valid CA certificate
installed. You can use validate_certs=False if you do not need to confirm the
servers identity but this is unsafe and not recommended. Paths checked for this
platform: /etc/ssl/certs, /etc/ansible, /usr/local/etc/openssl. The exception
msg was: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version
(_ssl.c:590).

 [WARNING]: - composer was NOT installed successfully.

ERROR! - you can use --ignore-errors to skip failed roles and finish processing the list.
Ansible failed to complete successfully. Any error output should be
visible above. Please fix these errors and try again.

I can use vagrant ssh and see all files there but if I try to access example.dev I get This site can’t be reached

Any idea what is causing this problem?

1 Like

See if this thread helps:

1 Like

Hi! thanks for the link!

But even after I followed your instructions I’m still getting the same error:

Here some debugs:

$ python --version
Python 2.7.14

$ python -c "import ssl; print(ssl.OPENSSL_VERSION)"
OpenSSL 1.0.2n  7 Dec 2017

$ ssh -T git@github.com
Hi gtso86! You've successfully authenticated, but GitHub does not provide shell access.

$ ansible-galaxy install -r requirements.yml
- downloading role 'composer', owned by geerlingguy
- downloading role from https://github.com/geerlingguy/ansible-role-composer/archive/1.5.0.tar.gz
 [ERROR]: failed to download the file: Failed to validate the SSL certificate for github.com:443. Make sure your managed systems have a valid CA
certificate installed. You can use validate_certs=False if you do not need to confirm the servers identity but this is unsafe and not recommended.
Paths checked for this platform: /etc/ssl/certs, /etc/ansible, /usr/local/etc/openssl. The exception msg was: [SSL: TLSV1_ALERT_PROTOCOL_VERSION]
tlsv1 alert protocol version (_ssl.c:590).

 [WARNING]: - composer was NOT installed successfully.

ERROR! - you can use --ignore-errors to skip failed roles and finish processing the list.

Any detail may I missed?

Extra info:

$ which openssl
/usr/bin/openssl

$ openssl version
OpenSSL 0.9.8zh 14 Jan 2016

I think the key diagnostic is the output of this command:

python -c 'import ssl; ssl.PROTOCOL_TLSv1_2'

:white_check_mark: good: no output but echo $? shows return code 0
:x: trouble: Traceback...(etc.)

My post (#7 in thread linked above) turned out to not necessarily have the solution.

  1. Did you try the ideas in posts #8 and #9?
  2. Is your ansible installed via homebrew (or something else like pip)?
  3. Did you try uninstalling ansible, then installing again via pip?
  4. Do you get return code 0 or a Traceback from
    python -c 'import ssl; ssl.PROTOCOL_TLSv1_2'
2 Likes

This is the output:
image

  1. Did you try the ideas in posts #8 and #9?

Yes, but when I try to link openssl I get a warning…

  1. Is your ansible installed via homebrew (or something else like pip)?

No idea. when I try $ which ansible this is the anwser’s /usr/local/bin/ansible

  1. Did you try uninstalling ansible, then installing again via pip?

Yes.

I had this problem, was running ansible 2.4.0.0, upgraded to 2.5.2 and now the problem is gone.

So upgrade your ansible. You’ll feel like a hero.

2 Likes

Im having the same problem on one machine (Mac) but works fine on another (Mac too).

I’ve been two days trying to fix this but Im lost.
Could you help me to debug this? I can provide all the outputs that you need. My problem now is I don’t know what to try or if Im doing something wrong.

Currently Im at this state (I won’t change anything until answer):
Error

$ ansible-galaxy install -r requirements.yml
- downloading role 'composer', owned by geerlingguy
- downloading role from https://github.com/geerlingguy/ansible-role-composer/archive/1.6.1.tar.gz
 [ERROR]: failed to download the file: Failed to validate the SSL certificate
for github.com:443. Make sure your managed systems have a valid CA certificate
installed. You can use validate_certs=False if you do not need to confirm the
servers identity but this is unsafe and not recommended. Paths checked for this
platform: /etc/ssl/certs, /etc/ansible, /usr/local/etc/openssl. The exception
msg was: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version
(_ssl.c:590).

 [WARNING]: - composer was NOT installed successfully.

ERROR! - you can use --ignore-errors to skip failed roles and finish processing the list.

.bash_profile

PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin/composer
export PATH="/usr/local/opt/python@2/libexec/bin:$PATH" 

paths

/usr/local/bin
/usr/bin
/bin
/usr/sbin
/sbin

$ which python
/usr/local/bin/python

$ python --version
Python 2.7.15

$ python -c "import ssl; print(ssl.OPENSSL_VERSION)"
OpenSSL 1.0.2o  27 Mar 2018

$ which openssl
/usr/bin/openssl

$ openssl version
OpenSSL 0.9.8zh 14 Jan 2016

iMac:~ myuser$ python -c 'import ssl; ssl.PROTOCOL_TLSv1_2'
iMac:~ myuser$ 

$ ansible --version
ansible 2.5.3
  config file = /Users/user/testing/trellis/ansible.cfg
  configured module search path = [u'/Users/user/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /Library/Python/2.7/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 2.7.10 (default, Oct 23 2015, 19:19:21) [GCC 4.2.1 Compatible Apple LLVM 7.0.0 (clang-700.0.59.5)]

Thanks

I am having the same issue as you.

- downloading role from https://github.com/geerlingguy/ansible-role-composer/archive/1.7.0.tar.gz
 [ERROR]: failed to download the file: Failed to validate the SSL certificate
for github.com:443. Make sure your managed systems have a valid CA certificate
installed. You can use validate_certs=False if you do not need to confirm the
servers identity but this is unsafe and not recommended. Paths checked for this
platform: /etc/ssl/certs, /etc/ansible, /usr/local/etc/openssl. The exception
msg was: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version
(_ssl.c:590).

 [WARNING]: - composer was NOT installed successfully.

ERROR! - you can use --ignore-errors to skip failed roles and finish processing the list.
Ansible failed to complete successfully. Any error output should be
visible above. Please fix these errors and try again.


$ ansible --version
ansible 2.5.4
  config file = /Users/nick/Code/site.com/trellis/ansible.cfg
  configured module search path = [u'/Users/nick/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /Library/Python/2.7/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 2.7.10 (default, Feb  7 2017, 00:08:15) [GCC 4.2.1 Compatible Apple LLVM 8.0.0 (clang-800.0.34)]

This seems to happen only when ssl is enabled on my dev machine using the self-signed option.

development/wordpress_sites.yml

ssl:
  enabled: true
  provider: self-signed

Anyone ever figure out a fix for this?