[chef] Re: Excon::Errors::SocketError Unable to verify certificate

On Fri, 21 Jun 2013, 

 
 wrote:

> My newly launched nodes started failing in their route53 recipe last nite 
> with
> this error:
> 
> FATAL: Excon::Errors::SocketError:
> route53_record[chef-ci-web.dev.needtogetmyoontzon.com]
> (resolver::default line 128) had an error: Excon::Errors::SocketError:
> Unable to verify certificate, please set `Excon.defaults[:ssl_ca_path]
> = path_to_certs`, `Excon.defaults[:ssl_ca_file] = path_to_file`, or
> `Excon.defaults[:ssl_verify_peer] = false` (less secure).
> 
> On such a system, I see:
> 
> /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/excon-0.25.0
> 
> On a system launched only a couple days ago, I see
> 
> /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/excon-0.24.0
> 
> I see 0.25.0 changed the behavior of how it finds certs:
> https://github.com/geemus/excon/blob/master/changelog.txt
> 
> I'm not sure if I should bug geemus, or the chef community. In the meantime,
> I'm gonna see if I can pin my clients to 0.24.0 so we're not stuck on this.

I was able to prevent excon 0.25.0 from being installed, and instead install
excon 0.24.0 by calling this early in my run_list:

    chef_gem "excon" do
      version "0.24.0"
    end

fwiw.

My deets:

AWS Linux 2012.09, chef 10.24.0