企业网络下 OpenClaw 出网失败:为 systemd 显式配置代理与 CA(PR #42611)
解决 VPS 位于企业代理/SSL inspection 环境时的超时与 SELF_SIGNED_CERT_IN_CHAIN;核心是把代理与证书变量写入 systemd 服务并重载验证。
GITHUBDiscovered 2026-03-11Author openclaw contributors
Prerequisites
- You can edit systemd unit files with sudo on the OpenClaw host.
- Corporate proxy address/credentials and trusted CA path are available.
Steps
- Open the OpenClaw service override or unit file and add BOTH uppercase and lowercase proxy variables.
- Add CA trust variables (for Node TLS) if SSL inspection is enabled, then save the file.
- Run daemon reload and restart OpenClaw gateway service.
- Check service logs for outbound success and absence of SELF_SIGNED_CERT_IN_CHAIN/timeout errors.
Commands
sudo systemctl edit openclaw-gatewaysudo systemctl daemon-reloadsudo systemctl restart openclaw-gatewayopenclaw gateway statusjournalctl -u openclaw-gateway -n 100 --no-pagerVerify
Gateway stays running and external API calls complete without TLS chain errors.
Caveats
- systemd does NOT inherit /etc/environment by default; env must be set in unit/override.
- Proxy auth format and CA path are environment-specific (需验证).
Source attribution
This tip is aggregated from community/public sources and preserved with attribution.
Open original source ↗