Chef remote_file download from Github fails

I have the problem that a download from Github fails on one specific Chef node using the remote_file resource (both in normal chef-client mode, as well as when running in chef-shell).

Downloads do work from the same server using wget and curl. Also the very same resource declaration works on my machine.

Resource declaration (most simple version that fails):

remote_file "/var/gerrit/review/plugins/rabbitmq.jar" do
  source "https://github.com/TYPO3-infrastructure/gerrit-rabbitmq-plugin/releases/download/rabbitmq-1.5-SNAPSHOT-20150203154700/rabbitmq-1.5-SNAPSHOT-20150203154700.jar"
end

The same occurs for all other release files from Github's S3 bucket that I tested. While a 403 Forbidden of course reminds me of rate limitations etc. I can't see why this should be the case when curl downloads from the same IP work.

Full debug log:

 * remote_file[/var/gerrit/review/plugins/rabbitmq.jar] action create[2015-10-19T22:40:38+02:00] INFO: Processing remote_file[/var/gerrit/review/plugins/rabbitmq.jar] action create (site-reviewtypo3org::amqp-publisher line 1)
[2015-10-19T22:40:38+02:00] DEBUG: remote_file[/var/gerrit/review/plugins/rabbitmq.jar] checksumming file at /var/gerrit/review/plugins/rabbitmq.jar.
[2015-10-19T22:40:38+02:00] DEBUG: remote_file[/var/gerrit/review/plugins/rabbitmq.jar] checking for changes
[2015-10-19T22:40:38+02:00] DEBUG: Cache control headers: {"if-modified-since"=>"Tue, 03 Feb 2015 14:57:25 GMT", "if-none-match"=>"\"6e60d332ee7e32e1982ed36181769c8f\""}
[2015-10-19T22:40:38+02:00] DEBUG: Chef::HTTP calling Chef::HTTP::Decompressor#handle_request
[2015-10-19T22:40:38+02:00] DEBUG: Chef::HTTP calling Chef::HTTP::CookieManager#handle_request
[2015-10-19T22:40:38+02:00] DEBUG: Chef::HTTP calling Chef::HTTP::ValidateContentLength#handle_request
[2015-10-19T22:40:38+02:00] DEBUG: Initiating GET to https://github.com/TYPO3-infrastructure/gerrit-rabbitmq-plugin/releases/download/rabbitmq-1.5-SNAPSHOT-20150203154700/rabbitmq-1.5-SNAPSHOT-20150203154700.jar
[2015-10-19T22:40:38+02:00] DEBUG: ---- HTTP Request Header Data: ----
[2015-10-19T22:40:38+02:00] DEBUG: if-modified-since: Tue, 03 Feb 2015 14:57:25 GMT
[2015-10-19T22:40:38+02:00] DEBUG: if-none-match: "6e60d332ee7e32e1982ed36181769c8f"
[2015-10-19T22:40:38+02:00] DEBUG: Accept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3
[2015-10-19T22:40:38+02:00] DEBUG: ---- End HTTP Request Header Data ----
[2015-10-19T22:40:39+02:00] DEBUG: ---- HTTP Status and Header Data: ----
[2015-10-19T22:40:39+02:00] DEBUG: HTTP 1.1 302 Found
[2015-10-19T22:40:39+02:00] DEBUG: server: GitHub.com
[2015-10-19T22:40:39+02:00] DEBUG: date: Mon, 19 Oct 2015 20:40:39 GMT
[2015-10-19T22:40:39+02:00] DEBUG: content-type: text/html; charset=utf-8
[2015-10-19T22:40:39+02:00] DEBUG: transfer-encoding: chunked
[2015-10-19T22:40:39+02:00] DEBUG: connection: close
[2015-10-19T22:40:39+02:00] DEBUG: status: 302 Found
[2015-10-19T22:40:39+02:00] DEBUG: content-security-policy: default-src *; script-src assets-cdn.github.com; object-src assets-cdn.github.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' assets-cdn.github.com; img-src 'self' data: assets-cdn.github.com identicons.github.com www.google-analytics.com checkout.paypal.com collector.githubapp.com *.githubusercontent.com *.gravatar.com *.wp.com; media-src 'none'; frame-src 'self' render.githubusercontent.com gist.github.com www.youtube.com player.vimeo.com checkout.paypal.com; font-src assets-cdn.github.com; connect-src 'self' live.github.com wss://live.github.com uploads.github.com status.github.com api.github.com www.google-analytics.com api.braintreegateway.com client-analytics.braintreegateway.com github-cloud.s3.amazonaws.com; base-uri 'self'; form-action 'self' github.com gist.github.com
[2015-10-19T22:40:39+02:00] DEBUG: public-key-pins: max-age=300; pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg="; includeSubDomains
[2015-10-19T22:40:39+02:00] DEBUG: cache-control: no-cache
[2015-10-19T22:40:39+02:00] DEBUG: vary: X-PJAX, Accept-Encoding
[2015-10-19T22:40:39+02:00] DEBUG: location: https://github-cloud.s3.amazonaws.com/releases/30247485/2a842826-abbc-11e4-8a77-45fa1f4254e4.jar?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAISTNZFOVBIJMK3TQ%2F20151019%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20151019T204039Z&X-Amz-Expires=300&X-Amz-Signature=5263c7cf5f4e0b4dad75ab6b61cab79c4ba52006bc74dddf123455a6806dbc8f&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3Drabbitmq-1.5-SNAPSHOT-20150203154700.jar&response-content-type=application%2Foctet-stream
[2015-10-19T22:40:39+02:00] DEBUG: x-ua-compatible: IE=Edge,chrome=1
[2015-10-19T22:40:39+02:00] DEBUG: set-cookie: logged_in=no; domain=.github.com; path=/; expires=Fri, 19 Oct 2035 20:40:39 -0000; secure; HttpOnly, _gh_sess=eyJzZXNzaW9uX2lkIjoiYjlhYTBlYzdiZjVjMjRiYjcwOTliMGNmMGQxYTRhODEiLCJzcHlfcmVwbyI6IlRZUE8zLWluZnJhc3RydWN0dXJlL2dlcnJpdC1yYWJiaXRtcS1wbHVnaW4iLCJzcHlfcmVwb19hdCI6MTQ0NTI4NzIzOX0%3D--adb8b6278bfd7dafb550b7ad81d7d00134ec8d28; path=/; secure; HttpOnly
[2015-10-19T22:40:39+02:00] DEBUG: x-request-id: 3af146b73f99624eb12afb99db1e5ec6
[2015-10-19T22:40:39+02:00] DEBUG: x-runtime: 0.015264
[2015-10-19T22:40:39+02:00] DEBUG: x-github-request-id: 5BB8230D:7D29:1F164E09:56255547
[2015-10-19T22:40:39+02:00] DEBUG: strict-transport-security: max-age=31536000; includeSubdomains; preload
[2015-10-19T22:40:39+02:00] DEBUG: x-content-type-options: nosniff
[2015-10-19T22:40:39+02:00] DEBUG: x-xss-protection: 1; mode=block
[2015-10-19T22:40:39+02:00] DEBUG: x-frame-options: deny
[2015-10-19T22:40:39+02:00] DEBUG: x-served-by: a4e77e68361b6b21519d8422c6815f62
[2015-10-19T22:40:39+02:00] DEBUG: ---- End HTTP Status/Header Data ----
[2015-10-19T22:40:39+02:00] DEBUG: Chef::HTTP calling Chef::HTTP::ValidateContentLength#handle_stream_complete
[2015-10-19T22:40:39+02:00] DEBUG: No content-length information collected for the streamed download, cannot identify streamed download.
[2015-10-19T22:40:39+02:00] DEBUG: Chef::HTTP calling Chef::HTTP::CookieManager#handle_stream_complete
[2015-10-19T22:40:39+02:00] DEBUG: Chef::HTTP calling Chef::HTTP::Decompressor#handle_stream_complete
[2015-10-19T22:40:39+02:00] DEBUG: Following redirect 1/10
[2015-10-19T22:40:39+02:00] DEBUG: Initiating GET to https://github-cloud.s3.amazonaws.com/releases/30247485/2a842826-abbc-11e4-8a77-45fa1f4254e4.jar?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAISTNZFOVBIJMK3TQ%2F20151019%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20151019T204039Z&X-Amz-Expires=300&X-Amz-Signature=5263c7cf5f4e0b4dad75ab6b61cab79c4ba52006bc74dddf123455a6806dbc8f&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3Drabbitmq-1.5-SNAPSHOT-20150203154700.jar&response-content-type=application%2Foctet-stream
[2015-10-19T22:40:39+02:00] DEBUG: ---- HTTP Request Header Data: ----
[2015-10-19T22:40:39+02:00] DEBUG: if-modified-since: Tue, 03 Feb 2015 14:57:25 GMT
[2015-10-19T22:40:39+02:00] DEBUG: if-none-match: "6e60d332ee7e32e1982ed36181769c8f"
[2015-10-19T22:40:39+02:00] DEBUG: Accept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3
[2015-10-19T22:40:39+02:00] DEBUG: ---- End HTTP Request Header Data ----
[2015-10-19T22:40:40+02:00] DEBUG: ---- HTTP Status and Header Data: ----
[2015-10-19T22:40:40+02:00] DEBUG: HTTP 1.1 403 Forbidden
[2015-10-19T22:40:40+02:00] DEBUG: x-amz-request-id: 1EF201092B540030
[2015-10-19T22:40:40+02:00] DEBUG: x-amz-id-2: JqQbWTxoW4fokAYVIdboCXVPQTxIFndFF+z3du8iim/r+cDBYaWcXyC08gHOeiV1
[2015-10-19T22:40:40+02:00] DEBUG: content-type: application/xml
[2015-10-19T22:40:40+02:00] DEBUG: transfer-encoding: chunked
[2015-10-19T22:40:40+02:00] DEBUG: date: Mon, 19 Oct 2015 20:40:39 GMT
[2015-10-19T22:40:40+02:00] DEBUG: server: AmazonS3
[2015-10-19T22:40:40+02:00] DEBUG: connection: close
[2015-10-19T22:40:40+02:00] DEBUG: ---- End HTTP Status/Header Data ----
[2015-10-19T22:40:40+02:00] DEBUG: Chef::HTTP calling Chef::HTTP::ValidateContentLength#handle_stream_complete
[2015-10-19T22:40:40+02:00] DEBUG: No content-length information collected for the streamed download, cannot identify streamed download.
[2015-10-19T22:40:40+02:00] DEBUG: Chef::HTTP calling Chef::HTTP::CookieManager#handle_stream_complete
[2015-10-19T22:40:40+02:00] DEBUG: Chef::HTTP calling Chef::HTTP::Decompressor#handle_stream_complete
[2015-10-19T22:40:40+02:00] INFO: HTTP Request Returned 403 Forbidden:

================================================================================
Error executing action `create` on resource 'remote_file[/var/gerrit/review/plugins/rabbitmq.jar]'
================================================================================


Net::HTTPServerException
------------------------
403 "Forbidden"


Resource Declaration:
---------------------
# In /var/chef/cache/cookbooks/site-reviewtypo3org/recipes/amqp-publisher.rb

  1: remote_file "#{node['gerrit']['install_dir']}/plugins/rabbitmq.jar" do
  2:   source "https://github.com/TYPO3-infrastructure/gerrit-rabbitmq-plugin/releases/download/rabbitmq-1.5-SNAPSHOT-20150203154700/rabbitmq-1.5-SNAPSHOT-20150203154700.jar"
  3:   owner node['gerrit']['user']
  4:   group node['gerrit']['group']
  5: end
  6:



Compiled Resource:
------------------
# Declared in /var/chef/cache/cookbooks/site-reviewtypo3org/recipes/amqp-publisher.rb:1:in `from_file'

remote_file("/var/gerrit/review/plugins/rabbitmq.jar") do
  provider Chef::Provider::RemoteFile
  action "create"
  retries 0
  retry_delay 2
  guard_interpreter :default
  path "/var/gerrit/review/plugins/rabbitmq.jar"
  backup 5
  atomic_update true
  source ["https://github.com/TYPO3-infrastructure/gerrit-rabbitmq-plugin/releases/download/rabbitmq-1.5-SNAPSHOT-20150203154700/rabbitmq-1.5-SNAPSHOT-20150203154700.jar"]
  use_etag true
  use_last_modified true
  cookbook_name "site-reviewtypo3org"
  recipe_name "amqp-publisher"
  owner "gerrit"
  group "gerrit"
end



[2015-10-19T22:40:40+02:00] INFO: Running queued delayed notifications before re-raising exception
[2015-10-19T22:40:40+02:00] DEBUG: Re-raising exception: Net::HTTPServerException - remote_file[/var/gerrit/review/plugins/rabbitmq.jar] (site-reviewtypo3org::amqp-publisher line 1) had an error: Net::HTTPServerException: 403 "Forbidden"
/opt/chef/embedded/lib/ruby/1.9.1/net/http.rb:2633:in `error!'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.12.2/lib/chef/http.rb:177:in `streaming_request'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.12.2/lib/chef/provider/remote_file/http.rb:60:in `fetch'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.12.2/lib/chef/provider/remote_file/content.rb:65:in `grab_file_from_uri'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.12.2/lib/chef/provider/remote_file/content.rb:50:in `try_multiple_sources'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.12.2/lib/chef/provider/remote_file/content.rb:39:in `file_for_provider'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.12.2/lib/chef/file_content_management/content_base.rb:40:in `tempfile'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.12.2/lib/chef/provider/file.rb:411:in `tempfile'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.12.2/lib/chef/provider/file.rb:350:in `do_contents_changes'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.12.2/lib/chef/provider/file.rb:121:in `action_create'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.12.2/lib/chef/provider.rb:120:in `run_action'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.12.2/lib/chef/resource.rb:637:in `run_action'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.12.2/lib/chef/runner.rb:49:in `run_action'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.12.2/lib/chef/runner.rb:81:in `block (2 levels) in converge'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.12.2/lib/chef/runner.rb:81:in `each'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.12.2/lib/chef/runner.rb:81:in `block in converge'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.12.2/lib/chef/resource_collection.rb:98:in `block in execute_each_resource'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.12.2/lib/chef/resource_collection/stepable_iterator.rb:116:in `call'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.12.2/lib/chef/resource_collection/stepable_iterator.rb:116:in `call_iterator_block'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.12.2/lib/chef/resource_collection/stepable_iterator.rb:85:in `step'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.12.2/lib/chef/resource_collection/stepable_iterator.rb:104:in `iterate'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.12.2/lib/chef/resource_collection/stepable_iterator.rb:55:in `each_with_index'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.12.2/lib/chef/resource_collection.rb:96:in `execute_each_resource'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.12.2/lib/chef/runner.rb:80:in `converge'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.12.2/lib/chef/client.rb:345:in `converge'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.12.2/lib/chef/client.rb:431:in `do_run'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.12.2/lib/chef/client.rb:213:in `block in run'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.12.2/lib/chef/client.rb:207:in `fork'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.12.2/lib/chef/client.rb:207:in `run'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.12.2/lib/chef/application.rb:217:in `run_chef_client'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.12.2/lib/chef/application/client.rb:328:in `block in run_application'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.12.2/lib/chef/application/client.rb:317:in `loop'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.12.2/lib/chef/application/client.rb:317:in `run_application'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.12.2/lib/chef/application.rb:67:in `run'
  /opt/chef/embedded/lib/ruby/gems/1.9.1/gems/chef-11.12.2/bin/chef-client:26:in `'
  /usr/bin/chef-client:23:in `load'
  /usr/bin/chef-client:23:in `'