On an on-prem Chef Server older than 12.4.1, when bootstrapping a node takes an hour or more, the embedded chef-client run will have auth trouble when retrieving cookbook files from their URLs. The attempts to retrieve those files will result in a 403 return code. The reason is that those cookbook URLs are encoded with a timeout value. That timeout value is around 3600s or 1h.
To get around the issue, you can adjust the timeout value in your chef-server.rb and reconfigure. The value setting should look like this. You can choose any reasonable value. The following value in seconds is the default in Chef Server 12.4.1
opscode_erchef['s3_url_ttl'] = 28800