Error when running terraform init

This is basically the same issue as reported here and here

When I run terraform init I get the following error:

$ terraform init monitoring/S3Bucket/

Initializing the backend...

Initializing provider plugins...
- Checking for available provider plugins...

Registry service unreachable.

This may indicate a network issue, or an issue with the requested Terraform Registry.


Error: registry service is unreachable, check https://status.hashicorp.com/ for status updates

If I run it with trace enabled:

$ TF_LOG=TRACE terraform init monitoring/S3Bucket/
2019/10/02 14:28:12 [INFO] Terraform version: 0.12.9  
2019/10/02 14:28:12 [INFO] Go runtime version: go1.12.9
2019/10/02 14:28:12 [INFO] CLI args: []string{"/usr/local/bin/terraform", "init", "monitoring/S3Bucket/"}
2019/10/02 14:28:12 [DEBUG] Attempting to open CLI config file: /Users/andym/.terraformrc
2019/10/02 14:28:12 [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2019/10/02 14:28:12 [INFO] CLI command args: []string{"init", "monitoring/S3Bucket/"}

2019/10/02 14:28:12 [TRACE] Meta.Backend: no config given or present on disk, so returning nil config
2019/10/02 14:28:12 [TRACE] Meta.Backend: backend has not previously been initialized in this working directory
2019/10/02 14:28:12 [DEBUG] New state was assigned lineage "ac49b1a2-143d-d1ee-1b18-348454e54c50"
2019/10/02 14:28:12 [TRACE] Meta.Backend: using default local state only (no backend configuration, and no existing initialized backend)
2019/10/02 14:28:12 [TRACE] Meta.Backend: instantiated backend of type <nil>
Initializing the backend...
2019/10/02 14:28:12 [DEBUG] checking for provider in "."
2019/10/02 14:28:12 [DEBUG] checking for provider in "/usr/local/bin"
2019/10/02 14:28:12 [DEBUG] checking for provisioner in "."
2019/10/02 14:28:12 [DEBUG] checking for provisioner in "/usr/local/bin"
2019/10/02 14:28:12 [INFO] Failed to read plugin lock file .terraform/plugins/darwin_amd64/lock.json: open .terraform/plugins/darwin_amd64/lock.json: no such file or directory
2019/10/02 14:28:12 [TRACE] Meta.Backend: backend <nil> does not support operations, so wrapping it in a local backend
2019/10/02 14:28:12 [TRACE] backend/local: state manager for workspace "default" will:
 - read initial snapshot from terraform.tfstate
 - write new snapshots to terraform.tfstate
 - create any backup at terraform.tfstate.backup
2019/10/02 14:28:12 [TRACE] statemgr.Filesystem: reading initial snapshot from terraform.tfstate
2019/10/02 14:28:12 [TRACE] statemgr.Filesystem: snapshot file has nil snapshot, but that's okay
2019/10/02 14:28:12 [TRACE] statemgr.Filesystem: read nil snapshot
2019/10/02 14:28:12 [DEBUG] checking for provider in "."
2019/10/02 14:28:12 [DEBUG] checking for provider in "/usr/local/bin"
2019/10/02 14:28:12 [DEBUG] plugin requirements: "aws"=""

2019/10/02 14:28:12 [DEBUG] Service discovery for registry.terraform.io at https://registry.terraform.io/.well-known/terraform.json
2019/10/02 14:28:12 [TRACE] HTTP client GET request to https://registry.terraform.io/.well-known/terraform.json
Initializing provider plugins...
- Checking for available provider plugins...
2019/10/02 14:28:15 [ERR] Checkpoint error: Get https://checkpoint-api.hashicorp.com/v1/check/terraform?arch=amd64&os=darwin&signature=3d2e66fa-caab-ff79-5e60-58161f6af1c8&version=0.12.9: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

2019/10/02 14:28:22 [DEBUG] Failed to request discovery document: Get https://registry.terraform.io/.well-known/terraform.json: net/http: TLS handshake timeout
Registry service unreachable.

This may indicate a network issue, or an issue with the requested Terraform Registry.


Error: registry service is unreachable, check https://status.hashicorp.com/ for status updates

If I try to get the URLs with curl they work:

$ curl "https://registry.terraform.io/.well-known/terraform.json"
{"modules.v1":"/v1/modules/","providers.v1":"/v1/providers/"}
$ curl "https://checkpoint-api.hashicorp.com/v1/check/terraform?arch=amd64&os=darwin&signature=3d2e66fa-caab-ff79-5e60-58161f6af1c8&version=0.12.9"
{"product":"terraform","current_version":"0.12.9","current_release":1568749926,"current_download_url":"https://releases.hashicorp.com/terraform/0.12.9/","current_changelog_url":"https://github.com/hashicorp/terraform/blob/v0.12.9/CHANGELOG.md","project_website":"https://www.terraform.io","alerts":[]}

If I run the init with sudo it works, but surely that’s not the real solution? The environment vars are different under sudo so that’s likely to cause complications.

I’ve tried deleting any .terraform folders in the project and in my home directory, so they should get recreated with the correct permissions shouldn’t they?

Hi @andymadge!

The fact that sudo makes this behave differently suggests an unusual configuration on your system.

It looks like you’re running Terraform on macOS. Do you have any special user-specific network configuration on your system, such as different nameservers configured for your personal user account, or possibly a VPN connection that is only accessible to your user account and not to root?

No, I haven’t got anything like that. It’s pretty much standard. No VPN in use.

If I do nslookup registry.terraform.io and sudo nslookup registry.terraform.io I get identical responses including the DNS server IP.

Yesterday I was testing from my office and today I’m working from home, but there is no change in the behaviour.

There are people on the issue having the same problem and sudo works for them so I’m certainly not alone.

I had a similar issue and narrowed it down to an issue related to my macOS user profile; sudo and other users would work. After removing certificates I no longer needed from Keychain, it worked again. I suspect the number of certificates was the problem, not a specific one. In any case, that solved the issue.


Faced exactly the same issue. Removing a bunch of useless certificates from the Keychain solved the problem. Thank you for this!

I also had the same issue. Thankfully I discovered this post and tried to run terraform init using sudo, which worked and got me trying this Keychain maintenance, which was a pain in and of itself. I had to remove several dozen before terraform worked, and I had to enter my password for each certificate being removed.

I had also tried curl and found no issues, so I’m not sure why the terraform command had this issue, but glad to have a way to fix it.

Apple Keychain Access: https://support.apple.com/guide/keychain-access/get-information-about-a-certificate-kyca15178/10.5/mac/10.15

It may not be of any real consequence, but I found a ton of expired certificates installed thanks to my use of the “Microsoft Remote Desktop” application.
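
Added example (not part of any post in this thread): a small audit that counts the certificates in a PEM export of the keychain and how many of them have expired, so the cleanup described in the replies above can be scoped before deleting anything. The script name `keychain_audit.py` is hypothetical, and it assumes the PEM bundle comes from `security find-certificate -a -p`, which dumps the default keychain search list.

```python
# Usage on macOS (assumed, not from the thread):
#   security find-certificate -a -p | python3 keychain_audit.py
import base64
import re
import sys
from datetime import datetime, timezone

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def _tlv(der, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = der[pos], der[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(der[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def not_after(der):
    """Walk Certificate -> TBSCertificate -> validity and return notAfter."""
    _, pos, _ = _tlv(der, 0)            # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)          # TBSCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)
    if tag == 0xA0:                     # optional explicit [0] version
        pos = end
    for _ in range(3):                  # serialNumber, signature, issuer
        _, _, pos = _tlv(der, pos)
    _, pos, _ = _tlv(der, pos)          # validity SEQUENCE
    _, _, pos = _tlv(der, pos)          # skip notBefore
    tag, start, end = _tlv(der, pos)
    text = der[start:end].decode("ascii")
    if tag == 0x17:                     # UTCTime: YY >= 50 means 19YY
        text = ("19" if text[:2] >= "50" else "20") + text
    when = datetime.strptime(text, "%Y%m%d%H%M%SZ")
    return when.replace(tzinfo=timezone.utc)

def audit(pem_text, now=None):
    """Return (total, expired) for every certificate in pem_text."""
    now = now or datetime.now(timezone.utc)
    dates = [not_after(base64.b64decode(m.group(1)))
             for m in PEM_RE.finditer(pem_text)]
    return len(dates), sum(1 for d in dates if d < now)

if __name__ == "__main__":
    total, expired = audit(sys.stdin.read())
    print(f"{total} certificates, {expired} expired")
```

Running the same pipeline under `sudo` gives the root user's view for comparison with the per-user result.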