You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/faqs.mdx
+10-2Lines changed: 10 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -38,7 +38,15 @@ If you're seeing a `fetch failed` error and your network requires custom certifi
38
38
39
39
You may also set `requestOptions.caBundlePath` to an array of paths to multiple certificates.
40
40
41
-
**_Windows VS Code Users_**: Installing the [win-ca](https://marketplace.visualstudio.com/items?itemName=ukoloff.win-ca) extension should also correct this issue.
41
+
**_Windows VS Code Users_**: Installing the [win-ca](https://marketplace.visualstudio.com/items?itemName=ukoloff.win-ca) extension may help Continue use the Windows certificate store, but `requestOptions.caBundlePath` is the most reliable fix.
42
+
43
+
### Common SSL certificate errors
44
+
45
+
If your logs include errors such as `unable to verify the first certificate`, `self signed certificate in certificate chain`, `certificate verify failed`, or `CERT_UNTRUSTED`, Continue was able to reach the endpoint but could not verify the TLS certificate chain it returned.
46
+
47
+
In most cases, the fix is to export the root or intermediate CA certificate for that endpoint and set `requestOptions.caBundlePath` in your model configuration. If the server also requires mutual TLS, add `requestOptions.clientCertificate` as well.
48
+
49
+
For step-by-step diagnosis with `curl` and `openssl`, see [Troubleshooting SSL certificate errors](/troubleshooting#ssl-certificate-errors).
42
50
43
51
### VS Code Proxy Settings
44
52
@@ -382,4 +390,4 @@ If you'd like to perform a clean reset of the extension, including removing all
382
390
383
391
## Still having trouble?
384
392
385
-
You can also join [GitHub Discussions](https://github.com/continuedev/continue/discussions) for additional support. Alternatively, you can create a GitHub issue [here](https://github.com/continuedev/continue/issues/new?assignees=&labels=bug&projects=&template=bug-report-%F0%9F%90%9B.md&title=), providing details of your problem, and we'll be able to help you out more quickly.
393
+
You can also join [GitHub Discussions](https://github.com/continuedev/continue/discussions) for additional support. Alternatively, you can create a GitHub issue [here](https://github.com/continuedev/continue/issues/new?assignees=&labels=bug&projects=&template=bug-report-%F0%9F%90%9B.md&title=), providing details of your problem, and we'll be able to help you out more quickly.
Copy file name to clipboardExpand all lines: docs/guides/how-to-self-host-a-model.mdx
+2Lines changed: 2 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -120,3 +120,5 @@ config.json
120
120
]
121
121
}
122
122
```
123
+
124
+
If your endpoint uses a private or corporate CA but does not require mutual TLS, configure `requestOptions.caBundlePath` instead. For common errors like `unable to verify the first certificate` or `CERT_UNTRUSTED`, see [Configure Certificates](/faqs#configure-certificates) and [SSL certificate errors](/troubleshooting#ssl-certificate-errors).
@@ -104,6 +105,65 @@ To find the full path to a command on your system:
104
105
105
106
This issue typically affects macOS users with large development environments and is being tracked in [#7870](https://github.com/continuedev/continue/issues/7870) and [#6699](https://github.com/continuedev/continue/issues/6699).
106
107
108
+
## SSL certificate errors
109
+
110
+
If Continue can reach your model endpoint but cannot verify its TLS certificate chain, you may see `fetch failed` alongside errors such as:
111
+
112
+
- `unable to verify the first certificate`
113
+
- `self signed certificate in certificate chain`
114
+
- `certificate verify failed`
115
+
- `CERT_UNTRUSTED`
116
+
117
+
This usually happens when you are connecting to a self-hosted model, enterprise proxy, or internal endpoint that uses a private CA or an incomplete certificate chain.
118
+
119
+
### Quick fix: trust the CA bundle
120
+
121
+
Add the root or intermediate certificate for that endpoint to your model's `requestOptions.caBundlePath`:
122
+
123
+
```yaml
124
+
models:
125
+
- name: Secure endpoint
126
+
provider: openai
127
+
model: gpt-4.1
128
+
apiBase: https://llm.example.com/v1
129
+
requestOptions:
130
+
caBundlePath: /path/to/ca-chain.pem
131
+
```
132
+
133
+
If your setup requires mutual TLS, configure `requestOptions.clientCertificate` too. The self-hosting guide includes an example in [How to Set Up Authentication](/guides/how-to-self-host-a-model#how-to-set-up-authentication).
134
+
135
+
### Diagnose the certificate problem
136
+
137
+
1. Reproduce the error in the Continue logs so you can confirm the exact hostname that failed.
For self-hosted or enterprise deployments, these options usually help:
160
+
161
+
- Private CA or corporate proxy: set `requestOptions.caBundlePath`
162
+
- Mutual TLS: set `requestOptions.clientCertificate`
163
+
- Windows VS Code: if your certificates are managed through the Windows certificate store, the [win-ca extension](https://marketplace.visualstudio.com/items?itemName=ukoloff.win-ca) may help, but `requestOptions.caBundlePath` remains the most reliable option
164
+
165
+
As a temporary debugging step, you can set `requestOptions.verifySsl: false` to confirm the failure is certificate-related. Do not leave this disabled in normal use.
0 commit comments