Jump Start PHP Environment, By Sitepoint - solve the security concern

Reading this
Jump Start PHP Environment, By Sitepoint
I finished, but I get stuck in practicing… In ch. 4, Virtual Machines, getting
// I think I must add a cert to my Windows 10… how do I do this? Or what else solves the security concern???

User@PC7 /C/VM_Vagrant/CentOS
$ curl -V
curl 7.41.0 (i386-pc-win32) libcurl/7.41.0 OpenSSL/0.9.8zf zlib/1.2.8
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile SSPI Kerberos SPNEGO NTLM SSL libz

User@PC7 /C/VM_Vagrant/CentOS
$

User@PC7 /C/VM_Vagrant/homestead_improved-master
$ bin/folderfix.sh
sed: preserving permissions for `./sed011240': Permission denied

User@PC7 /C/VM_Vagrant/homestead_improved-master
$ vagrant up
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Box 'laravel/homestead' could not be found. Attempting to find and install...
    default: Box Provider: virtualbox
    default: Box Version: >= 0
The box 'laravel/homestead' could not be found or
could not be accessed in the remote catalog. If this is a private
box on HashiCorp's Atlas, please verify you're logged in via
`vagrant login`. Also, please double-check the name. The expanded
URL and error message are shown below:

URL: ["https://atlas.hashicorp.com/laravel/homestead"]
Error: SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html 

curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.

User@PC7 /C/VM_Vagrant/homestead_improved-master
$

well you know HOW PROCEED WITH THIS…?

@swader, have you seen anything like this?

First time I’m seeing any of this, including the sed failure at the top. What command line program are you using, @lsepolis123?

Just a wild guess but are you able to access the URLs from HTTP only? That might bypass odd SSL issues.

If it won’t let you use HTTP, then carry on with other suggestions.

TO: swader
CLI: GIT BASH FOR WINDOWS

TO: zackw
but are you able to access the URLs from HTTP only? WHAT YOU MEANT? TELL COMMANDS?


may have to install certificate for >>> https://atlas.hashicorp.com/ … ?

http://curl.haxx.se/docs/sslcerts.html <<< DO YOU KNOW ANY STEP-BY-STEP GUIDE TO DO WHAT IT SAYS HERE???

Try executing the folderfix script from a terminal screen running as administrator, see if that helps.

same problem

but I successfully ran
vagrant init laravel/homestead
vagrant box add --insecure https://atlas.hashicorp.com/laravel/homestead

in another folder,
but it shows a collision (below) when I ran vagrant up in the first folder
// can I merge the folders to avoid collisions…?
“The specified host network collides…” I changed the IP name in the yaml file but it is the same… (in the first folder)
In the second folder (insecure run) I can enter ssh with a warning… see the second block below… well?

Welcome to Git (version 1.9.5-preview20150319)


Run 'git help git' to display the help index.
Run 'git help <command>' to display help for specific commands.

User@PC7 /C/VM_Vagrant/homestead_improved-master
$ vagrant up
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Checking if box 'laravel/homestead' is up to date...
==> default: There was a problem while downloading the metadata for your box
==> default: to check for updates. This is not an error, since it is usually due
==> default: to temporary network problems. This is just a warning. The problem
==> default: encountered was:
==> default:
==> default: SSL certificate problem: unable to get local issuer certificate
==> default: More details here: http://curl.haxx.se/docs/sslcerts.html
==> default:
==> default: curl performs SSL certificate verification by default, using a "bundle"
==> default:  of Certificate Authority (CA) public keys (CA certs). If the default
==> default:  bundle file isn't adequate, you can specify an alternate file
==> default:  using the --cacert option.
==> default: If this HTTPS server uses a certificate signed by a CA represented in
==> default:  the bundle, the certificate verification probably failed due to a
==> default:  problem with the certificate (it might be expired, or the name might
==> default:  not match the domain name in the URL).
==> default: If you'd like to turn off curl's verification of the certificate, use
==> default:  the -k (or --insecure) option.
==> default:
==> default: If you want to check for box updates, verify your network connection
==> default: is valid and try again.
==> default: Clearing any previously set network interfaces...
The specified host network collides with a non-hostonly network!
This will cause your specified IP to be inaccessible. Please change
the IP or name of your host only network so that it no longer matches that of
a bridged or non-hostonly network.

User@PC7 /C/VM_Vagrant/homestead_improved-master
$

SECOND INSECURE RUN (vagrant box add --insecure https://atlas.hashicorp.com/laravel/homestead)

Welcome to Git (version 1.9.5-preview20150319)


Run 'git help git' to display the help index.
Run 'git help <command>' to display help for specific commands.

User@PC7 /C/VM_Vagrant/homestead
$ vagrant up
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Checking if box 'laravel/homestead' is up to date...
==> default: There was a problem while downloading the metadata for your box
==> default: to check for updates. This is not an error, since it is usually due
==> default: to temporary network problems. This is just a warning. The problem
==> default: encountered was:
==> default:
==> default: SSL certificate problem: unable to get local issuer certificate
==> default: More details here: http://curl.haxx.se/docs/sslcerts.html
==> default:
==> default: curl performs SSL certificate verification by default, using a "bundle"
==> default:  of Certificate Authority (CA) public keys (CA certs). If the default
==> default:  bundle file isn't adequate, you can specify an alternate file
==> default:  using the --cacert option.
==> default: If this HTTPS server uses a certificate signed by a CA represented in
==> default:  the bundle, the certificate verification probably failed due to a
==> default:  problem with the certificate (it might be expired, or the name might
==> default:  not match the domain name in the URL).
==> default: If you'd like to turn off curl's verification of the certificate, use
==> default:  the -k (or --insecure) option.
==> default:
==> default: If you want to check for box updates, verify your network connection
==> default: is valid and try again.
==> default: Resuming suspended VM...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 127.0.0.1:2222
    default: SSH username: vagrant
    default: SSH auth method: private key
==> default: Machine booted and ready!
==> default: Machine already provisioned. Run `vagrant provision` or use the `--provision`
==> default: flag to force provisioning. Provisioners marked to run always will still run.

User@PC7 /C/VM_Vagrant/homestead
$ vagrant ssh
Welcome to Ubuntu 14.04.4 LTS (GNU/Linux 3.19.0-25-generic x86_64)

 * Documentation:  https://help.ubuntu.com/
Last login: Tue Mar 29 16:48:59 2016 from 10.0.2.2
vagrant@homestead:~$

you saw my latter post…?

There just seems to be an issue with CURL running in Win10 and not being able to find the certificate authority or bundle in the common Win10 folders.

According to the linked page:

libcurl performs peer SSL certificate verification by default. This is done by using a CA certificate store that the SSL library can use to make sure the peer’s server certificate is valid.

That said, the section just after that explains further:

If you’re using the curl command line tool, you can specify your own CA cert path by setting the environment variable CURL_CA_BUNDLE to the path of your choice.

If you’re using the curl command line tool on Windows, curl will search for a CA cert file named “curl-ca-bundle.crt” in these directories and in this order:

1. application’s directory
2. current working directory
3. Windows System directory (e.g. C:\windows\system32)
4. Windows Directory (e.g. C:\windows)
5. all directories along %PATH%

Get a better/different/newer CA cert bundle! One option is to extract the one a recent Firefox browser uses by running ‘make ca-bundle’ in the curl build tree root, or possibly download a version that was generated this way for you: CA Extract

Neglecting to use one of the above methods when dealing with a server using a certificate that isn’t signed by one of the certificates in the installed CA certificate store, will cause SSL to report an error (“certificate verify failed”) during the handshake and SSL will then refuse further communication with that server.

There appears to simply be an issue with the Win10 version of CURL not being able to verify the CA. I don’t think this has anything at all to do with Vagrant or VirtualBox or Laravel Homestead, etc. It’s that CURL can’t do what it needs to do with certs.

I can’t explain how to fix it. Maybe Windows10 itself is getting in the way? Like if it’s a limited user account or some security tool tightened down the trust store or I don’t know what.
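
The lookup order quoted above, as an added example that is not part of the original posts or of curl's own code: shell functions for Git Bash that walk the same directories for curl-ca-bundle.crt, reject a file with no PEM certificates in it, and export CURL_CA_BUNDLE so verification stays on instead of being bypassed with -k. The function names and the /c/Windows fallback for WINDIR are assumptions made for this example.

```shell
# Added example, not code from the thread or from the curl project.

# find_ca_bundle APP_DIR
# Print the first readable curl-ca-bundle.crt in the documented order:
# application dir, current dir, Windows System dir, Windows dir, then PATH.
# The body runs in a subshell so the IFS and globbing changes stay local.
find_ca_bundle() (
    windir=${WINDIR:-/c/Windows}   # assumption: Git Bash style fallback path
    IFS=:                          # split $PATH on ':'
    set -f                         # no filename expansion while splitting
    for dir in "$1" "$PWD" "$windir/system32" "$windir" $PATH; do
        [ -n "$dir" ] || continue
        candidate=$dir/curl-ca-bundle.crt
        if [ -f "$candidate" ] && [ -r "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
)

# count_certs FILE
# Number of PEM certificates in FILE; 0 means curl would have nothing to trust.
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# use_ca_bundle APP_DIR
# Export CURL_CA_BUNDLE only when the first bundle found is usable. An empty
# file earlier in the search order is reported, because curl would pick that
# file up first and fail with the same "unable to get local issuer" error.
use_ca_bundle() {
    ca_bundle=$(find_ca_bundle "$1") || {
        echo "curl-ca-bundle.crt not found in any searched directory" >&2
        return 1
    }
    if [ "$(count_certs "$ca_bundle")" -eq 0 ]; then
        echo "$ca_bundle contains no PEM certificates" >&2
        return 1
    fi
    CURL_CA_BUNDLE=$ca_bundle
    export CURL_CA_BUNDLE
}
```

In Git Bash, `use_ca_bundle "$(dirname "$(command -v curl)")"` followed by `curl --cacert "$CURL_CA_BUNDLE" https://atlas.hashicorp.com/laravel/homestead` keeps certificate verification enabled. `vagrant box add` accepts the same file through its own `--cacert` option.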

I noticed this

/C/VM_Vagrant/homestead_improved-master

I have Windows 10 and I had permission problems when I installed directly under C

I now have my “work folder” installed under
C:/users/{me}/documents/{named folder}
and knock-wood, I haven’t had permission problems since.

curl-ca-bundle.crt simply explained - how to get this step by step - do you know any explanatory tutorial URL…?
