How I Fixed GitHub Copilot CLI Connection Issues on macOS

By -

How I Fixed GitHub Copilot CLI Connection Issues on macOS



The Problem

I encountered a frustrating issue where GitHub Copilot worked perfectly in VS Code's chat window, but the gh copilot CLI command would hang indefinitely without producing any output. All commands like gh copilot -p "what is 2+2" would just freeze, making the CLI unusable.

Initial Symptoms

  • ✅ GitHub Copilot chat in VS Code worked fine
  • ✅ GitHub CLI (gh) was installed and authenticated
  • ✅ Token had the correct copilot scope
  • ❌ Any gh copilot command would hang and timeout
  • ❌ Commands appeared to connect but never returned results

Diagnostic Process

Step 1: Verify Authentication

First, I checked that my GitHub CLI was properly authenticated:

gh auth status

Output showed I was logged in with the copilot scope included:

github.com
  ✓ Logged in to github.com account qzl-dev (keyring)
  - Token scopes: 'admin:public_key', 'copilot', 'gist', 'read:org', 'repo'

Authentication wasn't the issue.

Step 2: Check Copilot CLI Installation

gh copilot --version

The CLI was installed (version 0.0.422), so that wasn't the problem either.

Step 3: Review the Logs

This is where I found the smoking gun. I checked the Copilot CLI logs:

cat ~/.copilot/logs/*.log | tail -50

The logs revealed the real issue:

[ERROR] Error making GitHub API request: Error: unable to get issuer certificate; 
if the root CA is installed locally, try running Node.js with --use-system-ca

[ERROR] Failed to start MCP client for remote server github-mcp-server: 
TypeError: fetch failed

[ERROR] MCP transport for github-mcp-server closed

The Root Cause

The GitHub Copilot CLI uses Node.js internally and needs to connect to the MCP (Model Context Protocol) server at https://api.individual.githubcopilot.com/mcp/readonly. The issue was SSL certificate verification failing because Node.js wasn't configured to use the system's certificate authority (CA) store.

This explains why VS Code worked fine—VS Code uses its own certificate handling, while the CLI uses Node.js's built-in TLS/SSL verification.

The Solution

The fix was to configure Node.js to use the system's OpenSSL CA certificates by setting an environment variable:

export NODE_OPTIONS="--use-openssl-ca"

To make this permanent, I added it to my shell profile:

echo 'export NODE_OPTIONS="--use-openssl-ca"' >> ~/.zshrc
source ~/.zshrc

Testing the Fix

After setting the environment variable, I tested the CLI:

gh copilot -p "what is 2+2"

It worked! The CLI successfully connected to the MCP server and returned responses.

Why This Happens

This issue typically occurs when:

  1. Corporate networks with custom SSL certificates that intercept HTTPS traffic
  2. Security software that injects its own CA certificates
  3. Proxy configurations that require custom certificate validation
  4. macOS system updates that change certificate store locations

Node.js, by default, uses its own bundled CA certificates rather than the system's certificate store. The --use-openssl-ca flag tells Node.js to use the OS-level certificate store instead, which includes any custom certificates installed on your system.

Alternative Solutions

If the above solution doesn't work, you can try:

Update OpenSSL certificates:

brew update
brew upgrade openssl

For development/testing only (not recommended for production):

export NODE_TLS_REJECT_UNAUTHORIZED=0

⚠️ Warning: This disables certificate verification entirely and should only be used temporarily for debugging.

Key Takeaways

  1. Check the logs first: The Copilot CLI stores detailed logs in ~/.copilot/logs/ which are invaluable for debugging
  2. SSL issues are common: When CLI tools hang on API calls, SSL certificate verification is often the culprit
  3. Environment variables matter: Node.js behavior can be significantly changed by NODE_OPTIONS
  4. VS Code isolation: Just because Copilot works in VS Code doesn't mean the CLI will—they use different networking stacks

Configuration Files

For reference, here's what my MCP configuration looks like at ~/.copilot/mcp-config.json:

{
  "mcpServers": {
    "github-mcp-server": {
      "type": "http",
      "url": "https://api.individual.githubcopilot.com/mcp/readonly"
    }
  }
}

This configuration is used by both VS Code and the CLI, but the CLI requires the additional Node.js environment variable to handle SSL properly.

Conclusion

SSL certificate issues can be frustrating because they often manifest as silent hangs rather than clear error messages. The key to solving this was diving into the logs and understanding that the Copilot CLI uses Node.js under the hood. By configuring Node.js to use the system's certificate store with --use-openssl-ca, the CLI could successfully verify SSL certificates and connect to the MCP server.

If you're experiencing similar issues with GitHub Copilot CLI or any Node.js-based command-line tool that hangs on HTTPS connections, check your logs and try this solution!

Fixed on: March 5, 2026
Environment: macOS, GitHub CLI with Copilot extension 0.0.422

❤️ Support This Blog

If this post helped you, you can support my writing with a small donation. Thank you for reading.

Coffee ☕ Thanks 🙏 Extra Support ❤️

Comments

Post a Comment

Popular posts from this blog

fixed: embedded-redis: Unable to run on macOS Sonoma

By -
Image
Issue you might see below error while trying to run embedded-redis for your testing on your macOS after you upgrade to Sonoma. java.lang.RuntimeException: Can't start redis server. Check logs for details. Redis process log: at redis.embedded.AbstractRedisInstance.awaitRedisServerReady(AbstractRedisInstance.java:70) at redis.embedded.AbstractRedisInstance.start(AbstractRedisInstance.java:42) at redis.embedded.RedisServer.start(RedisServer.java:9) Solution use the latest one: https://mv   ...
Read more

Copying MDC Context Map in Web Clients: A Comprehensive Guide

By -
Image
Introduction In distributed systems, maintaining context across microservices is crucial for effective logging and tracing. The Mapped Diagnostic Context (MDC) in logging frameworks like Logback or Log4j allows developers to propagate contextual information such as request IDs, user IDs, or correlation IDs across threads and services. When using web clients to make outgoing requests, it's essential to propagate the MDC context map to ensure consistency and traceability. This guide will provide   ...
Read more

Reset user password for your own Ghost blog

By -
Image
If you do not config mail up for your ghost blog, it maybe a big problem once you lost your user password. however, methods are always more than problems. We can fix it up by reset it. 1. Find out your database name in your ghost config, it is maybe in config.production.json   "database": {     "client": "mysql",     "connection": {       "host": "localhost",       "user": "ghost-452",       "password": "dade1b0565f2585e07c7",       "database": "ghost_production_acm" 2. Use mysql to reset the password. mysql -u root -p Enter the password for root account. mysql> use ghost_production_acm; mysql> select * from users; ghost use bcrypthash for the password. You can get bcrypt hash string from http://bcrypthashgenerator.apphb.com/ mysql>update users set password=' $2b$10$PaL8tKcU4i0CsjRrM6BhROVQMwwLFw2HSx/kWlAUgja23fNllc2Fy' where ...
Read more