Claude Cowork: SSL error — "ln not found" prevents ephemeral CA certificate from installing in VM

Resolved 💬 3 comments Opened Feb 18, 2026 by elizabethburg Closed Feb 21, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

Environment

  • App Version: Claude.app 2.1.44
  • OS: macOS

Steps to Reproduce

  1. Open Claude.app
  2. Open a Cowork session
  3. Submit a prompt that triggers extended thinking
  4. Observe SSL error

Error Message

Unable to connect to API: Self-signed certificate detected. Check your proxy or corporate SSL certificates

Expected Behavior

Extended thinking completes and the response is returned normally.

Actual Behavior

API call fails with a self-signed certificate error after extended thinking.

Root Cause (from ~/Library/Logs/Claude/coworkd.log)

The VM generates an ephemeral CA certificate and attempts to install it into the VM's trust store via update-ca-certificates, but fails because ln is missing from the VM environment:

What Should Happen?

Extended thinking completes and the response is returned normally without any SSL errors.

Error Messages/Logs

API Error: Unable to connect to API: Self-signed certificate detected. Check your proxy or corporate SSL certificates

Steps to Reproduce

  1. Open Claude.app
  2. Open a Cowork session
  3. Submit a prompt that triggers extended thinking
  4. Observe the error: "Unable to connect to API: Self-signed certificate detected. Check your proxy or corporate SSL certificates"

Claude Model

Sonnet (default)

Is this a regression?

Yes, this worked in a previous version

Last Working Version

_No response_

Claude Code Version

2.1.44

Platform

Anthropic API

Operating System

macOS

Terminal/Shell

Terminal.app (macOS)

Additional Information

Root cause found in ~/Library/Logs/Claude/coworkd.log:

The VM generates an ephemeral CA certificate and attempts to install it into the VM's trust store via update-ca-certificates, but fails because ln is missing from the VM environment:

[proxy] generating ephemeral CA certificate (private key in memory only)
[proxy] ephemeral CA generated (expires: 2027-02-18T05:16:16Z)
[proxy] failed to install CA to trust store: update-ca-certificates failed: exit status 127:
/usr/sbin/update-ca-certificates: 97: ln: not found
[proxy] MITM proxy started on /var/run/mitm-proxy.sock

Because the CA cert is never trusted, all API calls routed through the MITM proxy fail with an SSL error.

Additional notes:

  • Home network, no corporate proxy configured
  • curl https://api.anthropic.com succeeds fine from the host machine
  • No proxy tools (Charles, Proxyman, mitmproxy, etc.) running
  • Issue appeared suddenly with no changes made by the user
  • Simple prompts work fine; extended thinking reliably triggers the error

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗