[Bug]: [Bug]: macOS LaunchAgent Telegram fails - Node.js TLS can't find CA certs #22856
Description
Summary
Summary: When running as a macOS LaunchAgent, the gateway's Telegram provider fails with Network request for 'setMyCommands' failed! because Node.js fetch() can't verify TLS certificates. Running the same gateway in a foreground terminal works fine.
Root cause: The LaunchAgent environment doesn't inherit the CA certificate bundle path. Node's undici/fetch fails with UNABLE_TO_GET_ISSUER_CERT_LOCALLY while curl from the same launchd context succeeds.
Fix: Adding NODE_EXTRA_CA_CERTS=/etc/ssl/cert.pem to the LaunchAgent plist resolves the issue.
Suggestion: openclaw gateway install should include NODE_EXTRA_CA_CERTS in the generated plist on macOS by default.
Environment:
OpenClaw: 2026.2.21-2
macOS: 26.3 (arm64)
Node: 22.22.0 (Homebrew)
Steps to reproduce
- openclaw gateway install
- Gateway starts, Telegram provider logs starting provider then deleteMyCommands failed: Network request failed
- Add NODE_EXTRA_CA_CERTS=/etc/ssl/cert.pem to plist → Telegram connects
Expected behavior
Gateway installed via openclaw gateway install on macOS should connect to Telegram and all external APIs without additional configuration.
Actual behavior
Telegram provider starts but all HTTPS requests fail silently. Node.js fetch() throws UNABLE_TO_GET_ISSUER_CERT_LOCALLY because the LaunchAgent environment lacks the CA certificate bundle path. curl from the same launchd context works fine, confirming it's Node-specific. The health endpoint reports tokenSource: "none" and running: false for Telegram.
OpenClaw version
2026.2.21-2
Operating system
macOS: 26.3 (arm64)
Install method
Node: 22.22.0 (Homebrew)
Logs, screenshots, and evidence
Impact and severity
No response
Additional information
No response