Claude Cowork: SSL error — "ln not found" prevents ephemeral CA certificate from installing in VM
Preflight Checklist
- [x] I have searched existing issues and this hasn't been reported yet
- [x] This is a single bug report (please file separate reports for different bugs)
- [x] I am using the latest version of Claude Code
What's Wrong?
Environment
- App Version: Claude.app 2.1.44
- OS: macOS
Steps to Reproduce
- Open Claude.app
- Open a Cowork session
- Submit a prompt that triggers extended thinking
- Observe SSL error
Error Message
Unable to connect to API: Self-signed certificate detected. Check your proxy or corporate SSL certificates
Expected Behavior
Extended thinking completes and the response is returned normally.
Actual Behavior
API call fails with a self-signed certificate error after extended thinking.
Root Cause (from ~/Library/Logs/Claude/coworkd.log)
The VM generates an ephemeral CA certificate and attempts to install it into the VM's trust store via update-ca-certificates, but fails because ln is missing from the VM environment:
What Should Happen?
Extended thinking completes and the response is returned normally without any SSL errors.
Error Messages/Logs
API Error: Unable to connect to API: Self-signed certificate detected. Check your proxy or corporate SSL certificates
Steps to Reproduce
- Open Claude.app
- Open a Cowork session
- Submit a prompt that triggers extended thinking
- Observe the error: "Unable to connect to API: Self-signed certificate detected. Check your proxy or corporate SSL certificates"
Claude Model
Sonnet (default)
Is this a regression?
Yes, this worked in a previous version
Last Working Version
_No response_
Claude Code Version
2.1.44
Platform
Anthropic API
Operating System
macOS
Terminal/Shell
Terminal.app (macOS)
Additional Information
Root cause found in ~/Library/Logs/Claude/coworkd.log:
The VM generates an ephemeral CA certificate and attempts to install it into the VM's trust store via update-ca-certificates, but fails because ln is missing from the VM environment:
[proxy] generating ephemeral CA certificate (private key in memory only)
[proxy] ephemeral CA generated (expires: 2027-02-18T05:16:16Z)
[proxy] failed to install CA to trust store: update-ca-certificates failed: exit status 127:
/usr/sbin/update-ca-certificates: 97: ln: not found
[proxy] MITM proxy started on /var/run/mitm-proxy.sock
Because the CA cert is never trusted, all API calls routed through the MITM proxy fail with an SSL error.
Additional notes:
- Home network, no corporate proxy configured
curl https://api.anthropic.comsucceeds fine from the host machine- No proxy tools (Charles, Proxyman, mitmproxy, etc.) running
- Issue appeared suddenly with no changes made by the user
- Simple prompts work fine; extended thinking reliably triggers the error
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗