What does WebSocket close code 4008 mean in OpenClaw?

In this failure pattern, transport handshakes succeed but the connect/auth step fails, so the Control UI appears Offline and chat cannot start.

Why does Health stay Offline even when the gateway is reachable via HTTP?

HTTP reachability only proves the web server responds. OpenClaw UI still needs a successful authenticated WebSocket connect path.

What is the fastest way to isolate whether this is config or runtime regression?

Test the same config on a known-good OpenClaw version and stable Node runtime, then compare verbose ws logs line-by-line for auth and connect events.

Blog

OpenClaw WebSocket 4008 “connect failed” fix

Problem statement: Control UI opens but stays Offline, and verbose logs show successful handshake followed by immediate disconnect code 4008. Teams lose time because network appears healthy while auth/connect path is broken.

Recent reports

GitHub issue #30469 opened 2026-03-01 with 100% reproducible disconnect after hello-ok.
Symptoms match a high-friction onboarding step: UI reachable, agent unusable.

Actionable diagnosis sequence

Verify runtime baseline: openclaw status, version, Node version, OS.
Confirm token location: single source of truth in ~/.openclaw/openclaw.json.
Test local socket path directly (ws://127.0.0.1:18789) before SSH tunnel/proxy layers.
Enable verbose gateway logs and capture full connect lifecycle.
Reproduce with clean browser profile (no stale query tokens, extensions disabled).
If tunneling, verify forward target uses the same host/protocol assumptions as UI origin.

Known high-leverage fixes

Runtime parity: test on LTS Node version if running bleeding-edge builds.
Auth consistency: avoid mixing CLI flags and config values that override token behavior.
Proxy simplification: temporarily remove extra hops (FRP/Nginx/SSH) to identify the failing layer.
Version pinning: if regression confirmed, pin to last known-good version and track upstream patch.

Fix once. Stop recurring WebSocket/auth disconnects.

If this keeps coming back, you can move your existing setup to managed OpenClaw cloud hosting instead of rebuilding the same stack. Import your current instance, keep your context, and move onto a runtime with lower ops overhead.

Import flow in ~1 minute
Keep your current instance context
Run with managed security and reliability defaults

If you would rather compare options first, review OpenClaw cloud hosting or see the best OpenClaw hosting options before deciding.

Import your current OpenClaw instance in 1 click Keep self-hosted: apply fix checklist

OpenClaw import first screen in OpenClaw Setup dashboard (light theme) — 1) Paste import payload

OpenClaw import first screen in OpenClaw Setup dashboard (dark theme) — 1) Paste import payload

OpenClaw import completed screen in OpenClaw Setup dashboard (light theme) — 2) Review and launch

OpenClaw import completed screen in OpenClaw Setup dashboard (dark theme) — 2) Review and launch

If this keeps recurring

Treat repeated 4008 incidents as an operating-model problem, not just a one-off fix. Review OpenClaw cloud hosting, hosting options, or go back to the homepage if you want the fastest managed path.

FAQ

Is this always a bad token?

No. It can also be a connect flow regression, tunnel mismatch, or proxy rewrite issue.

Should I immediately reinstall OpenClaw?

Not first. Capture logs and isolate layer failures so you don’t lose root-cause evidence.