OpenClaw Tailscale hostname changes after redeploy: complete fix

Problem statement: you enabled Tailscale for your OpenClaw instance and configured external integrations using the MagicDNS hostname. After a routine redeployment or pod restart, the hostname changed. Your Tailscale ACLs stopped matching, DNS references broke, and scripts that used the old hostname failed. You want a stable hostname that survives pod lifecycle events so your integrations stay working.

Why hostname churn breaks Tailscale workflows

Tailscale's MagicDNS provides friendly hostnames like my-openclaw.tailnet.ts that resolve to your instance's Tailscale IP. When this hostname changes after every deployment, anything referencing the old name breaks immediately:

• ACL policies: Tailscale ACLs that grant access based on hostname stop matching when the hostname changes.
• External integrations: APIs, webhooks, and services configured to reach your OpenClaw instance lose connectivity.
• Documentation and runbooks: documented hostnames become stale, causing confusion for team members.
• Automation scripts: cron jobs, monitoring tools, and backup scripts that reference the hostname fail silently.
• DNS caching: even after you update references, DNS caching may cause traffic to route to non-existent hosts.

The operational burden of updating hostname references after every deployment is unsustainable. Stable hostnames are essential for reliable Tailscale workflows.

How previous implementations caused hostname churn

Early Tailscale sidecar implementations generated hostnames based on pod metadata:

• Pod names in Kubernetes include random suffixes that change on every deployment.
• Using pod names as the basis for TS_HOSTNAME caused MagicDNS entries to change with each rollout.
• Deploying a new version of OpenClaw meant getting a new Tailscale hostname, even though the instance was logically the same.
• External systems could not reliably track OpenClaw instances through Tailscale as they evolved.

This approach worked for testing but failed for production use where stability matters more than automatic naming.

The stable hostname solution

The current implementation defaults TS_HOSTNAME to your instance resource name:

• When you leave the hostname field blank in the Addons tab, the system uses your instance resource name as the Tailscale hostname.
• The instance resource name is stable—it does not change across deployments, pod restarts, or configuration updates.
• Your MagicDNS hostname becomes your-instance-name.tailnet.ts and stays that way indefinitely.
• If you specify a custom hostname, that custom value is persisted and used instead of the default.
• Hostnames are stored in the instance database and re-injected into the sidecar environment on each deployment.

Configuring a stable hostname for your OpenClaw instance

Option 1: Use the default instance resource name

The simplest approach is to let the platform handle hostname assignment:

• Open your instance in the OpenClaw dashboard and navigate to the Addons tab.
• Enable Tailscale and provide your auth key.
• Leave the hostname field empty.
• Save the configuration.
• The system uses your instance resource name as the Tailscale hostname automatically.

This is the recommended approach for most users. The hostname is predictable, stable, and requires no additional configuration.

Option 2: Specify a custom stable hostname

If you prefer a specific hostname that differs from the instance resource name:

• In the Addons tab, enter your desired hostname in the hostname field.
• Choose a name that you plan to keep long-term—avoid version numbers or temporal identifiers.
• Save the configuration.
• The custom hostname is persisted in the instance database and reused on all future deployments.

Custom hostnames are useful when you want human-friendly names that differ from the internal instance resource name, or when you are migrating from an existing Tailscale setup with an established hostname.

Option 3: Migrate from an unstable hostname

If you already have an instance with a hostname that changes on deployments:

• Note the current unstable hostname for reference.
• Update the hostname configuration in the Addons tab to your desired stable value.
• Save the configuration to trigger a redeployment with the new hostname.
• Update all external references to use the new stable hostname.
• Update Tailscale ACLs to reference the new hostname.
• Verify connectivity from all your integrations and scripts.

This migration is a one-time operation. Once you have a stable hostname configured, future deployments will preserve it automatically.

Diagnosing hostname instability issues

Check the Addons UI for hostname consistency

The Addons tab shows the configured hostname:

• Open your instance and navigate to the Addons tab.
• Find the Tailscale hostname field.
• Note whether the hostname is set to your instance resource name or a custom value.
• Compare this to the hostname shown in your Tailscale admin console.
• If they differ, the sidecar may be using a cached or stale hostname.

Verify hostname persistence across deployments

Test that your hostname survives a deployment:

• Note the current Tailscale hostname from the Addons UI or Tailscale admin console.
• Trigger a redeployment of your OpenClaw instance.
• Wait for the instance to restart and Tailscale to reconnect.
• Verify the hostname is unchanged in both the Addons UI and Tailscale admin console.
• Confirm connectivity from external systems using the hostname.

Check Tailscale admin console for duplicate hostnames

Sometimes hostname churn leaves stale entries in your tailnet:

• Log into your Tailscale admin console.
• Search for your OpenClaw instance by name.
• Look for multiple machines with similar names but different suffixes.
• Remove stale entries that correspond to old deployments.
• Keep only the entry with your current stable hostname.

Updating downstream systems after hostname changes

Update Tailscale ACLs

ACLs that reference your OpenClaw instance need hostname updates:

• Open your Tailscale ACL configuration in the admin console.
• Search for references to the old hostname.
• Replace with the new stable hostname.
• Test ACL rules by attempting access from an authorized user.
• Save and deploy the updated ACL configuration.

Update external integrations

Any system that reaches your OpenClaw instance via Tailscale needs updates:

• API clients and webhooks configured with the old hostname.
• Monitoring and alerting systems that poll the instance.
• Backup scripts that copy data from or to the instance.
• Documentation that references the hostname in examples or runbooks.
• Team communication channels where the hostname was shared.

Update DNS and service discovery

If you integrated Tailscale with external DNS or service discovery:

• Update custom DNS records that map to the Tailscale hostname.
• Update service registration in service mesh configurations.
• Update load balancer or reverse proxy configurations.
• Clear any DNS caches that might have the old hostname resolved.

Verifying the fix is working

1. Deploy a new version of your OpenClaw instance or trigger a redeployment.
2. Confirm the hostname in the Addons UI remains unchanged.
3. Verify the hostname in the Tailscale admin console is consistent.
4. Test connectivity from an external system using the hostname.
5. Confirm Tailscale ACLs still match and grant access correctly.
6. Perform a second redeployment and verify hostname persists again.

Edge cases and migration considerations

• Conflicting hostnames: if you choose a custom hostname that already exists in your tailnet, Tailscale may reject the registration or cause unpredictable behavior.
• Renaming instances: renaming an OpenClaw instance in the dashboard does not automatically update the Tailscale hostname—you must update the hostname field explicitly.
• Multiple instances: each instance gets its own hostname. Ensure uniqueness across instances to avoid conflicts.
• Importing instances: imported instances retain their configured hostname unless you explicitly change it.
• Deleting and recreating instances: a new instance with the same resource name will get the same hostname, which may be desirable or problematic depending on your use case.

Typical mistakes to avoid

• Leaving hostname blank and assuming it will stay the same without checking the default behavior.
• Using version numbers or deployment dates in custom hostnames, defeating the purpose of stability.
• Forgetting to update Tailscale ACLs after changing hostnames, causing access failures.
• Documenting the unstable pod-based hostname in runbooks, creating recurring update work.
• Assuming MagicDNS will automatically redirect old hostnames to new ones—it does not.
• Testing hostname stability only once without verifying through multiple deployment cycles.

Best practices for Tailscale hostname management

• Use instance resource names: when possible, let the platform use the instance resource name as the hostname.
• Choose meaningful custom names: if using custom hostnames, choose names that reflect the instance's purpose rather than its technical identity.
• Document hostnames centrally: maintain a registry of Tailscale hostnames for your OpenClaw instances to avoid confusion.
• Update ACLs proactively: when you must change a hostname, update ACLs before the change to minimize downtime.
• Test after deployments: make hostname verification part of your deployment checklist.

Fix once. Stop recurring Tailscale hostname and connectivity issues.

If this keeps coming back, you can move your existing setup to managed OpenClaw cloud hosting instead of rebuilding the same stack. Import your current instance, keep your context, and move onto a runtime with lower ops overhead.

• Import flow in ~1 minute
• Keep your current instance context
• Run with managed security and reliability defaults

If you would rather compare options first, review OpenClaw cloud hosting or see the best OpenClaw hosting options before deciding.

Import your current OpenClaw instance in 1 click Keep self-hosted: apply fix checklist

FAQ

Can I change the hostname after Tailscale is already enabled?

Yes. Update the hostname field in the Addons tab and save. The instance will redeploy with the new hostname. Remember to update all external references to avoid breakage.

What happens to the old hostname in Tailscale after I change it?

The old hostname remains as a stale entry in your Tailscale machine list until you remove it manually. Periodically clean up old machine entries to avoid confusion.

Do I need to update my auth key when changing hostnames?

No. Auth keys are used for initial registration and are independent of the hostname. Changing the hostname does not require re-authentication.

Will my IP address change when I change the hostname?

Possibly. Tailscale may assign a new IP when the hostname changes, especially if the old hostname is deregistered. Update any hard-coded IP references in addition to hostname references.

How do I know if I am using the stable hostname implementation?

If leaving the hostname field blank results in a hostname that matches your instance resource name, you are using the stable implementation. If you see pod-specific hashes or random suffixes, you may be on an older version—consider updating or migrating to managed hosting.

Sources

• Tailscale MagicDNS: how hostnames work in tailnets
• Tailscale ACLs: user and host-based access control
• OpenClaw Setup repository: commit 7a54dd5 implementing stable TS_HOSTNAME defaults
• Worklog entry 2026-04-03-tailscale-sidecar.md: complete Tailscale sidecar implementation notes including hostname persistence and stable defaults
• OpenClaw cloud hosting: managed platform with stable Tailscale hostnames