opencode icon indicating copy to clipboard operation
opencode copied to clipboard
Published 7 hours ago verified publisher icon sst

Issues while connecting with github copilot

Open didacd opened this issue 2 weeks ago • 2 comments

Description

On a fresh install of opencode, it networks behind a zscaler trying to use another provider gives issues with the certificates:

installed @opencode-ai/[email protected]

[35.00ms] done
 stderr=Saved lockfile
 done
INFO  2025-12-12T08:23:42 +5ms service=plugin [email protected] loading plugin
INFO  2025-12-12T08:23:42 +6ms service=plugin [email protected] loading plugin
INFO  2025-12-12T08:23:42 +44ms service=bus type=* subscribing
INFO  2025-12-12T08:23:42 +0ms service=bus type=session.updated subscribing
INFO  2025-12-12T08:23:42 +0ms service=bus type=message.updated subscribing
INFO  2025-12-12T08:23:42 +0ms service=bus type=message.part.updated subscribing
INFO  2025-12-12T08:23:42 +0ms service=bus type=session.updated subscribing
INFO  2025-12-12T08:23:42 +0ms service=bus type=message.updated subscribing
INFO  2025-12-12T08:23:42 +0ms service=bus type=message.part.updated subscribing
INFO  2025-12-12T08:23:42 +0ms service=bus type=session.diff subscribing
INFO  2025-12-12T08:23:42 +0ms service=format init
INFO  2025-12-12T08:23:42 +0ms service=bus type=file.edited subscribing
INFO  2025-12-12T08:23:42 +0ms service=lsp serverIds=deno, typescript, vue, eslint, biome, gopls, ruby-lsp, pyright, elixir-ls, zls, csharp, sourcekit-lsp, rust, clangd, svelte, astro, jdtls, yaml-ls, lua-ls, php intelephense, dart, ocaml-lsp, bash, terraform enabled LSP servers
INFO  2025-12-12T08:23:42 +3ms service=bus type=command.executed subscribing
INFO  2025-12-12T08:23:42 +1ms service=server status=started providers
INFO  2025-12-12T08:23:42 +2ms service=provider status=started state
INFO  2025-12-12T08:23:42 +2ms service=server event connected
INFO  2025-12-12T08:23:42 +3ms service=bus type=* subscribing
INFO  2025-12-12T08:23:42 +4ms service=models.dev file={} refreshing
INFO  2025-12-12T08:23:42 +0ms service=models.dev file={} refreshing
INFO  2025-12-12T08:23:42 +2ms service=server status=completed duration=381 method=GET path=/event request
INFO  2025-12-12T08:23:42 +0ms service=server status=completed duration=382 method=GET path=/config request
INFO  2025-12-12T08:23:42 +1ms service=server status=completed duration=383 method=GET path=/agent request
INFO  2025-12-12T08:23:42 +12ms service=provider init
INFO  2025-12-12T08:23:42 +2ms service=provider providerID=opencode found
INFO  2025-12-12T08:23:42 +0ms service=provider status=completed duration=26 state
INFO  2025-12-12T08:23:42 +10ms service=server status=completed duration=38 providers
INFO  2025-12-12T08:23:42 +0ms service=server status=completed duration=407 method=GET path=/provider request
INFO  2025-12-12T08:23:42 +0ms service=server status=completed duration=409 method=GET path=/config/providers request
INFO  2025-12-12T08:23:42 +32ms service=server method=GET path=/session request
INFO  2025-12-12T08:23:42 +0ms service=server status=started method=GET path=/session request
INFO  2025-12-12T08:23:42 +1ms service=server method=GET path=/command request
INFO  2025-12-12T08:23:42 +0ms service=server status=started method=GET path=/command request
INFO  2025-12-12T08:23:42 +1ms service=server status=completed duration=1 method=GET path=/command request
INFO  2025-12-12T08:23:42 +1ms service=server method=GET path=/lsp request
INFO  2025-12-12T08:23:42 +0ms service=server status=started method=GET path=/lsp request
INFO  2025-12-12T08:23:42 +0ms service=server status=completed duration=0 method=GET path=/lsp request
INFO  2025-12-12T08:23:42 +1ms service=server method=GET path=/mcp request
INFO  2025-12-12T08:23:42 +0ms service=server status=started method=GET path=/mcp request
INFO  2025-12-12T08:23:42 +1ms service=server status=completed duration=1 method=GET path=/mcp request
INFO  2025-12-12T08:23:42 +1ms service=server method=GET path=/formatter request
INFO  2025-12-12T08:23:42 +0ms service=server status=started method=GET path=/formatter request
INFO  2025-12-12T08:23:43 +179ms service=server method=GET path=/session/status request
INFO  2025-12-12T08:23:43 +0ms service=server status=started method=GET path=/session/status request
INFO  2025-12-12T08:23:43 +1ms service=server status=completed duration=1 method=GET path=/session/status request
INFO  2025-12-12T08:23:43 +0ms service=server method=GET path=/provider/auth request
INFO  2025-12-12T08:23:43 +1ms service=server status=started method=GET path=/provider/auth request
INFO  2025-12-12T08:23:43 +2ms service=server status=completed duration=3 method=GET path=/provider/auth request
INFO  2025-12-12T08:23:43 +0ms service=server method=GET path=/vcs request
INFO  2025-12-12T08:23:43 +0ms service=server status=started method=GET path=/vcs request
INFO  2025-12-12T08:23:43 +1ms service=server status=completed duration=1 method=GET path=/vcs request
INFO  2025-12-12T08:23:43 +1ms service=server method=GET path=/path request
INFO  2025-12-12T08:23:43 +0ms service=server status=started method=GET path=/path request
INFO  2025-12-12T08:23:43 +0ms service=server status=completed duration=0 method=GET path=/path request
INFO  2025-12-12T08:23:43 +1ms service=server status=completed duration=192 method=GET path=/session request
ERROR 2025-12-12T08:23:43 +0ms service=models.dev error=unable to get local issuer certificate Failed to fetch models.dev
ERROR 2025-12-12T08:23:43 +0ms service=models.dev error=unable to get local issuer certificate Failed to fetch models.dev
ERROR 2025-12-12T08:23:43 +0ms service=default e=unable to get local issuer certificate rejection
INFO  2025-12-12T08:23:43 +316ms service=server status=completed duration=502 method=GET path=/formatter request
INFO  2025-12-12T08:23:52 +9445ms service=server method=POST path=/provider/github-copilot/oauth/authorize request
INFO  2025-12-12T08:23:52 +1ms service=server status=started method=POST path=/provider/github-copilot/oauth/authorize request
ERROR 2025-12-12T08:23:53 +193ms service=server error=unable to get local issuer certificate failed
INFO  2025-12-12T08:23:53 +1ms service=server status=completed duration=194 method=POST path=/provider/github-copilot/oauth/authorize request
INFO  2025-12-12T08:23:53 +94ms service=server method=POST path=/provider/github-copilot/oauth/authorize request
INFO  2025-12-12T08:23:53 +0ms service=server status=started method=POST path=/provider/github-copilot/oauth/authorize request
ERROR 2025-12-12T08:23:53 +119ms service=server error=unable to get local issuer certificate failed
INFO  2025-12-12T08:23:53 +0ms service=server status=completed duration=119 method=POST path=/provider/github-copilot/oauth/authorize request
INFO  2025-12-12T08:23:53 +106ms service=server method=POST path=/provider/github-copilot/oauth/authorize request
INFO  2025-12-12T08:23:53 +0ms service=server status=started method=POST path=/provider/github-copilot/oauth/authorize request
ERROR 2025-12-12T08:23:53 +110ms service=server error=unable to get local issuer certificate failed
INFO  2025-12-12T08:23:53 +1ms service=server status=completed duration=111 method=POST path=/provider/github-copilot/oauth/authorize request
INFO  2025-12-12T08:23:53 +137ms service=server method=POST path=/provider/github-copilot/oauth/authorize request
INFO  2025-12-12T08:23:53 +0ms service=server status=started method=POST path=/provider/github-copilot/oauth/authorize request
ERROR 2025-12-12T08:23:53 +117ms service=server error=unable to get local issuer certificate failed
INFO  2025-12-12T08:23:53 +0ms service=server status=completed duration=117 method=POST path=/provider/github-copilot/oauth/authorize request

OpenCode version

1.0.150

Steps to reproduce

  1. zscaler with trusted certificate
  2. install opencode
  3. /connect with GitHub Copilot
  4. No error reported, check logs for the full result

Screenshot and/or share link

No response

Operating System

Windows 11

Terminal

Windows Terminal

didacd avatar Dec 12 '25 09:12 didacd

This issue might be a duplicate of existing issues. Please check:

  • #1694: Use local SSL trust store (related to SSL certificate validation)
  • #3130: SSL_CERT_FILE env not observed since v0.15.0 (SSL certificate handling)
  • #2992: opencode fails to start after chocolatey install: HTTPThread: the CA is invalid (certificate validation error)
  • #4883: Error: unable to verify the first certificate (similar certificate error)
  • #4959: Add option to disable models.dev fetch for corporate proxy environments (corporate proxy/SSL issues)
  • #531: Support HTTP_PROXY & HTTPS_PROXY for users behind firewalls (proxy support)
  • #923: Unable to access websites with self signed certificates (certificate validation)

Feel free to ignore if none of these address your specific case.

github-actions[bot] avatar Dec 12 '25 09:12 github-actions[bot]

In case you are blocked waiting for a built-in solution, you can workaround this issue with:

NODE_EXTRA_CA_CERTS=/path/to/Zscaler.cert opencode

justfortheloveof avatar Dec 13 '25 02:12 justfortheloveof

For reference, adding opencode at the end didn't work on my Windows machine. But it works leaving only the path:

setx NODE_EXTRA_CA_CERTS "C:\path\to\zscaler_root_ca.pem"

didacd avatar Dec 15 '25 10:12 didacd