
GitHub Copilot Chat: v0.10.0 gives Error Code: SELF_SIGNED_CERT_IN_CHAIN

Open ikolaxis opened this issue 1 year ago • 45 comments

  • VS Code Version: 1.84.0
  • GitHub Copilot: v1.133.0
  • GitHub Copilot Chat: v0.10.0
  • OS Version: Microsoft Windows 11 Enterprise 10.0.22621
  • Logs: -

Steps to Reproduce:

  1. When I update to GitHub Copilot Chat: v0.10.0, the Copilot Chat stops working and responds to all my prompts with the following message: "Please check your firewall rules and network connection then try again. Error Code: SELF_SIGNED_CERT_IN_CHAIN"
  2. When I roll back to the older version v0.7.1, the Copilot Chat works properly.

ikolaxis avatar Nov 06 '23 15:11 ikolaxis

Does your corporate firewall properly allow https://api.githubcopilot.com?

You can also try disabling the strict proxy SSL setting: http.proxyStrictSSL

lramos15 avatar Nov 06 '23 18:11 lramos15

> Does your corporate firewall properly allow https://api.githubcopilot.com?
>
> You can also try disabling the strict proxy SSL setting: http.proxyStrictSSL

From my browser, when I navigate to https://api.githubcopilot.com/ I get an HTML page with the message "404 page not found". The corporate firewall does not seem to forbid this page; otherwise, I would have gotten a different HTML page informing me that the corporate firewall prohibits access to the page.

I disabled the strict proxy SSL setting, but the same problem persists (this time with the latest version of GitHub Copilot Chat v0.10.1). I also tried disabling system certificates; once more, I got the same problem. This is the latest settings.json from my VS Code:

{
  "redhat.telemetry.enabled": false,
  "git.autofetch": true,
  "editor.minimap.enabled": false,
  "workbench.colorTheme": "Visual Studio Dark",
  "http.proxyStrictSSL": false,
  "http.systemCertificates": false,
  "http.proxyAuthorization": null
}

ikolaxis avatar Nov 06 '23 20:11 ikolaxis

Experiencing the same issue.

stefz0 avatar Nov 09 '23 12:11 stefz0

I'm getting this error too. Our company has self-signed certificates. Didn't have this issue with previous versions.

Copilot: v1.135.0 Copilot chat: v0.10.1 VsCode: 1.84.2

puppetSpace avatar Nov 10 '23 10:11 puppetSpace

Same issue for me, although not tried earlier versions.

Copilot: v1.135.0 Chat: v0.10.1

Version: 1.84.2 (Universal)
Commit: 1a5daa3a0231a0fbba4f14db7ec463cf99d7768e
Date: 2023-11-09T10:52:33.687Z
Electron: 25.9.2
ElectronBuildId: 24603566
Chromium: 114.0.5735.289
Node.js: 18.15.0
V8: 11.4.183.29-electron.0
OS: Darwin arm64 22.5.0

Addibro avatar Nov 10 '23 17:11 Addibro

We have an attempted fix that will be out on Monday in the latest insiders + pre-release. Thanks for your patience 🙏

lramos15 avatar Nov 10 '23 17:11 lramos15

@lramos15 Any Update on Patch Fix?

Sudhanva10 avatar Nov 14 '23 10:11 Sudhanva10

> @lramos15 Any Update on Patch Fix?

We're doing some experimental patch work to try and fix this.

In the latest pre-release and insiders please try the following setting and then restart the application

"github.copilot.advanced": {
  "debug.useNodeFetcher": true
}

lramos15 avatar Nov 14 '23 13:11 lramos15

> @lramos15 Any Update on Patch Fix?
>
> We're doing some experimental patch work to try and fix this.
>
> In the latest pre-release and insiders please try the following setting and then restart the application
>
> "github.copilot.advanced": {
>   "debug.useNodeFetcher": true
> }

Added this and restarted but no luck yet

Addibro avatar Nov 14 '23 17:11 Addibro

> @lramos15 Any Update on Patch Fix?
>
> We're doing some experimental patch work to try and fix this.
>
> In the latest pre-release and insiders please try the following setting and then restart the application
>
> "github.copilot.advanced": {
>   "debug.useNodeFetcher": true
> }

Installed insiders edition. Added that setting, but it didn't solve the issue.

puppetSpace avatar Nov 15 '23 06:11 puppetSpace

> @lramos15 Any Update on Patch Fix?
>
> We're doing some experimental patch work to try and fix this. In the latest pre-release and insiders please try the following setting and then restart the application
>
> "github.copilot.advanced": {
>   "debug.useNodeFetcher": true
> }
>
> Added this and restarted but no luck yet

Did the same, no luck

stefz0 avatar Nov 15 '23 08:11 stefz0

Just to confirm you're on insiders with v0.11.2023111501 or greater of the extension

lramos15 avatar Nov 15 '23 14:11 lramos15

I am on v0.11.2023111501. Just tried again and I get a different error: Please check your firewall rules and network connection then try again. Error Code: ECONNRESET.

puppetSpace avatar Nov 15 '23 14:11 puppetSpace

Could you install the Network Proxy Test extension (https://marketplace.visualstudio.com/items?itemName=chrmarti.network-proxy-test) and check the output of F1 > Network Proxy Test: Test Connection in VS Code?

When asked for the URL enter https://api.githubcopilot.com/. This should respond with a 404 Not Found status, that is expected, but maybe you get something else. Please share the output of this (make sure to remove any sensitive information first).

chrmarti avatar Nov 15 '23 15:11 chrmarti

https://api.githubcopilot.com/

VS Code 1.85.0-insider (54821ee1f14beca4866abd7de86175b4794b030d)
Network Proxy Test 0.0.8
win32 10.0.22621 x64

Settings:
- http.proxy: 
- http.proxyAuthorization: null
- http.proxyStrictSSL: true
- http.proxySupport: override
- http.systemCertificates: true

Environment variables:

Sending GET request to https://api.githubcopilot.com/...
Received error: read ECONNRESET (ECONNRESET)
Retrying while ignoring certificate issues to collect information on the certificate chain.

Sending GET request to https://api.githubcopilot.com/ (allowing unauthorized)...
Received error: read ECONNRESET (ECONNRESET)

I'm going to check with our network team if the URL is not blacklisted.

puppetSpace avatar Nov 15 '23 17:11 puppetSpace

@chrmarti Settings:

  • http.proxy:
  • http.proxyAuthorization: null
  • http.proxyStrictSSL: true
  • http.proxySupport: override
  • http.systemCertificates: true

Environment variables:

Sending GET request to https://api.githubcopilot.com/...
Received response:

  • Status: 404 Not Found

Certificate chain:

  • Subject: api.githubcopilot.com
    Subject alt: DNS:api.githubcopilot.com
    Validity: Oct 17 03:49:28 2023 GMT - Nov 15 03:49:28 2024 GMT
  • Subject: Corp-Proxy01-G1
    Validity: Oct 14 21:23:43 2020 GMT - Oct 14 21:33:43 2025 GMT
  • Subject: Corp-Prj-Root-CA
    Validity: Sep 30 21:34:39 2020 GMT - Sep 30 21:34:39 2040 GMT
    Self-signed

Local root certificates:

  • Subject: C=DE CN=Corp-Prj-Root-CA
    Validity: Sep 30 21:34:39 2020 GMT - Sep 30 21:34:39 2040 GMT
    Issuer: C=DE CN=Corp-Prj-Root-CA

Sudhanva10 avatar Nov 16 '23 03:11 Sudhanva10

> https://api.githubcopilot.com/
>
> VS Code 1.85.0-insider (54821ee1f14beca4866abd7de86175b4794b030d)
> Network Proxy Test 0.0.8
> win32 10.0.22621 x64
>
> Settings:
> - http.proxy:
> - http.proxyAuthorization: null
> - http.proxyStrictSSL: true
> - http.proxySupport: override
> - http.systemCertificates: true
>
> Environment variables:
>
> Sending GET request to https://api.githubcopilot.com/...
> Received error: read ECONNRESET (ECONNRESET)
> Retrying while ignoring certificate issues to collect information on the certificate chain.
>
> Sending GET request to https://api.githubcopilot.com/ (allowing unauthorized)...
> Received error: read ECONNRESET (ECONNRESET)
>
> I'm going to check with our network team if the URL is not blacklisted.

URL is now whitelisted. Now it works. I removed the setting you proposed and tried again. Then I get the certificate error again. So the setting works for the insider edition.

puppetSpace avatar Nov 16 '23 10:11 puppetSpace

Thanks @puppetSpace for confirming!

@Sudhanva10 That looks good and suggests GitHub Copilot Chat should work with the Node fetcher. Please make sure you are using the latest VS Code Insiders (http://code.visualstudio.com/insiders/) and VS Code Chat pre-release (currently v0.11.2023111601) versions and add the following user setting:

"github.copilot.advanced": {
  "debug.useNodeFetcher": true
}

chrmarti avatar Nov 16 '23 10:11 chrmarti
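
One way to read the Network Proxy Test reports posted above, as an added example that is not part of the thread or of the extension: it parses a report laid out like those reports (the sample is constructed from the one above) and says whether the chain ends in a self-signed root that also appears under "Local root certificates". Treating that match as "trusted", the function names and the result strings are assumptions of this example.

```javascript
// Constructed sample, laid out like the Network Proxy Test reports quoted in this thread.
const SAMPLE_REPORT = `Sending GET request to https://api.githubcopilot.com/...
Received response:
- Status: 404 Not Found
Certificate chain:
- Subject: api.githubcopilot.com
  Subject alt: DNS:api.githubcopilot.com
  Validity: Oct 17 03:49:28 2023 GMT - Nov 15 03:49:28 2024 GMT
- Subject: Corp-Proxy01-G1
  Validity: Oct 14 21:23:43 2020 GMT - Oct 14 21:33:43 2025 GMT
- Subject: Corp-Prj-Root-CA
  Validity: Sep 30 21:34:39 2020 GMT - Sep 30 21:34:39 2040 GMT
  Self-signed
Local root certificates:
- Subject: C=DE CN=Corp-Prj-Root-CA
  Validity: Sep 30 21:34:39 2020 GMT - Sep 30 21:34:39 2040 GMT
  Issuer: C=DE CN=Corp-Prj-Root-CA
`;
// Reduce "C=DE CN=Name" to "Name"; bare names pass through unchanged.
const commonName = (s) => (s.match(/CN=(.+)$/) || [null, s])[1].trim();
// Parse the certificates listed under one heading into {subject, notAfter, selfSigned}.
function parseSection(report, heading) {
  const lines = report.split(/\r?\n/);
  const start = lines.findIndex((l) => l.trim() === heading);
  const certs = [];
  for (let i = start + 1; start >= 0 && i < lines.length; i++) {
    if (/^[^\s-]/.test(lines[i])) break; // an unindented non-list line starts the next section
    const text = lines[i].replace(/^- /, '').trim();
    const last = certs[certs.length - 1];
    if (text.startsWith('Subject: ')) {
      certs.push({ subject: commonName(text.slice(9)), notAfter: null, selfSigned: false });
    } else if (last && text.startsWith('Validity: ')) {
      last.notAfter = new Date(text.split(' GMT - ')[1]);
    } else if (last && text === 'Self-signed') last.selfSigned = true;
  }
  return certs;
}
// Classify a report; `now` is injectable so the expiry check can be tested.
function diagnose(report, now = new Date()) {
  const chain = parseSection(report, 'Certificate chain:');
  if (!chain.length) return /ECONNRESET/.test(report) ? 'connection-reset' : 'no-chain';
  const expired = chain.find((c) => c.notAfter && c.notAfter < now);
  if (expired) return `expired: ${expired.subject}`;
  const root = chain[chain.length - 1];
  if (!root.selfSigned) return 'chain-has-no-self-signed-root';
  const trusted = parseSection(report, 'Local root certificates:').map((c) => c.subject);
  return `${trusted.includes(root.subject) ? 'trusted' : 'untrusted'}-self-signed-root: ${root.subject}`;
}
console.log(diagnose(SAMPLE_REPORT, new Date('2023-11-16T00:00:00Z')));
```

An `untrusted-self-signed-root` result is the situation Node reports as SELF_SIGNED_CERT_IN_CHAIN: the chain ends in a self-signed certificate that is not in the trust store being used.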

Hi @chrmarti, thanks a lot for providing a fix! I just tested it, and it works with the latest VS Code Insiders (v1.85.0-insider) and GitHub Copilot Chat (v0.11.2023111701). Please note it only works with the following settings.json; any change in the following params results in the reported error:

{
  "http.proxyStrictSSL": false,
  "http.proxyAuthorization": null,
  "http.proxySupport": "override",
  "http.systemCertificates": true,
  "github.copilot.advanced": {
    "debug.useNodeFetcher": true
  }
}

ikolaxis avatar Nov 20 '23 08:11 ikolaxis

> Hi @chrmarti, thanks a lot for providing a fix! I just tested it, and it works with the latest VS Code Insiders (v1.85.0-insider) and GitHub Copilot Chat (v0.11.2023111701). Please note it only works with the following settings.json; any change in the following params results in the reported error:
>
> {
>   "http.proxyStrictSSL": false,
>   "http.proxyAuthorization": null,
>   "http.proxySupport": "override",
>   "http.systemCertificates": true,
>   "github.copilot.advanced": {
>     "debug.useNodeFetcher": true
>   }
> }

@ikolaxis - tried this fix and it did not work for me when I last attempted on a corporate network

qwertycody avatar Dec 08 '23 20:12 qwertycody

> Hi @chrmarti, thanks a lot for providing a fix! I just tested it, and it works with the latest VS Code Insiders (v1.85.0-insider) and GitHub Copilot Chat (v0.11.2023111701). Please note it only works with the following settings.json; any change in the following params results in the reported error:
>
> {
>   "http.proxyStrictSSL": false,
>   "http.proxyAuthorization": null,
>   "http.proxySupport": "override",
>   "http.systemCertificates": true,
>   "github.copilot.advanced": {
>     "debug.useNodeFetcher": true
>   }
> }

This works for me. Corporate ZScaler in the middle.

Version: 1.85.0 (user setup)
Commit: af28b32d7e553898b2a91af498b1fb666fdebe0c
Date: 2023-12-06T20:48:09.019Z
Electron: 25.9.7
ElectronBuildId: 25551756
Chromium: 114.0.5735.289
Node.js: 18.15.0
V8: 11.4.183.29-electron.0
OS: Windows_NT x64 10.0.19045

carlosgutrod avatar Dec 12 '23 10:12 carlosgutrod

I have fixed a similar issue by installing the following vscode extension on my macOS: Mac CA VSCode

ashrafsarhan avatar Dec 12 '23 18:12 ashrafsarhan

> I have fixed a similar issue by installing the following vscode extension on my macOS: Mac CA VSCode

Thanks @ashrafsarhan - that worked for me too!

yusufk avatar Dec 19 '23 09:12 yusufk

Mac CA VSCode additionally reads the CAs from '/System/Library/Keychains/SystemRootCertificates.keychain'. I will investigate if that would make sense to add by default.

chrmarti avatar Dec 19 '23 10:12 chrmarti

> @lramos15 Any Update on Patch Fix?
>
> We're doing some experimental patch work to try and fix this.
>
> In the latest pre-release and insiders please try the following setting and then restart the application
>
> "github.copilot.advanced": {
>   "debug.useNodeFetcher": true
> }

This worked for me.

I have Http: Proxy Strict SSL disabled in VS Code

Anas-Alhariri avatar Dec 21 '23 09:12 Anas-Alhariri

I've tried all of the solutions but nothing works. I have the newest version installed. Here are my logs

2024-01-30 12:47:39.720 [info] [gitExtensionService] Successfully activated the vscode.git extension.
2024-01-30 12:47:39.720 [info] [gitExtensionService] Enablement state of the vscode.git extension: true.
2024-01-30 12:47:39.720 [info] [gitExtensionService] Successfully registered Git commit message provider.
2024-01-30 12:47:40.760 [info] [auth] Logged in as xxxxxxx
2024-01-30 12:47:41.479 [info] [chat] copilot token chat_enabled: true
2024-01-30 12:47:41.479 [info] [githubTitleAndDescriptionProvider] Initializing GitHub PR title and description provider provider.
2024-01-30 12:47:41.479 [info] [githubTitleAndDescriptionProvider] GitHub.vscode-pull-request-github extension is not yet activated.
2024-01-30 12:47:41.479 [info] [auth] Got Copilot token for xxxxxxx
2024-01-30 12:47:41.644 [info] [auth] Logged in as xxxxxxx
2024-01-30 12:47:41.692 [info] [chat] copilot token chat_enabled: true
2024-01-30 12:47:41.692 [info] [auth] Got Copilot token for xxxxxxx
2024-01-30 12:47:48.458 [info] [chat fetch] engine https://api.githubcopilot.com/chat
2024-01-30 12:47:48.459 [info] [chat fetch] modelMaxTokenWindow 4096
2024-01-30 12:47:48.459 [info] [chat fetch] chat model gpt-4
2024-01-30 12:47:48.684 [info] [extension] Error on conversation request: mU: certificate has expired
    at ude (/Users/xxxxxxx/.vscode/extensions/github.copilot-chat-0.11.1/dist/extension.js:119:29507)
    at processTicksAndRejections (node:internal/process/task_queues:95:5)
    at pBe (/Users/xxxxxxx/.vscode/extensions/github.copilot-chat-0.11.1/dist/extension.js:119:31529)
    at Zy.fetch (/Users/xxxxxxx/.vscode/extensions/github.copilot-chat-0.11.1/dist/extension.js:1242:10832)
    at cce (/Users/xxxxxxx/.vscode/extensions/github.copilot-chat-0.11.1/dist/extension.js:194:1926)
    at t.fetchMany (/Users/xxxxxxx/.vscode/extensions/github.copilot-chat-0.11.1/dist/extension.js:194:6659)
    at t.fetchOne (/Users/xxxxxxx/.vscode/extensions/github.copilot-chat-0.11.1/dist/extension.js:194:5864)
    at n1.fetchConversationResponse (/Users/xxxxxxx/.vscode/extensions/github.copilot-chat-0.11.1/dist/extension.js:1256:2000)
    at n1._provideResponseWithProgress (/Users/xxxxxxx/.vscode/extensions/github.copilot-chat-0.11.1/dist/extension.js:1256:1471)
    at n1.provideResponseWithProgress (/Users/xxxxxxx/.vscode/extensions/github.copilot-chat-0.11.1/dist/extension.js:1254:2086)
    at s.x (/Users/xxxxxxx/.vscode/extensions/github.copilot-chat-0.11.1/dist/extension.js:1266:1022)
    at f.$invokeAgent (/Applications/Visual Studio Code.app/Contents/Resources/app/out/vs/workbench/api/node/extensionHostProcess.js:141:128938)

sean-rowe avatar Jan 30 '24 17:01 sean-rowe

@lramos15 Which URL does this error occur with? The hostname would be of main interest, maybe the mentioned api.githubcopilot.com? It seems the root certificate for that has expired.

chrmarti avatar Jan 31 '24 10:01 chrmarti

@sean-rowe Are you behind a network proxy? Which version of VS Code are you using and on which OS?

chrmarti avatar Jan 31 '24 10:01 chrmarti

> @lramos15 Which URL does this error occur with? The hostname would be of main interest, maybe the mentioned api.githubcopilot.com? It seems the root certificate for that has expired.

It's the api.githubpilot.com address. I'm behind a corporate firewall but I can hit the api url and get a 404, so I don't think the firewall is blocking the site.

I'm on a Mac with the latest version of vscode installed

sean-rowe avatar Jan 31 '24 12:01 sean-rowe

@sean-rowe Could you install the Network Proxy Test extension (https://marketplace.visualstudio.com/items?itemName=chrmarti.network-proxy-test) and check the output of F1 > Network Proxy Test: Test Connection in VS Code? Enter https://api.githubcopilot.com when asked for the URL.

That will use the same certificates as when using the node fetcher: https://github.com/microsoft/vscode-copilot-release/issues/541#issuecomment-1814187850

chrmarti avatar Feb 01 '24 08:02 chrmarti