Gateway Restart Regenerates TLS Certificates Breaking Sandbox Connections - IssueFinder - SN 04

[dinuduke]

Description

Description

When the gateway restarts, TLS certificates are regenerated, breaking all existing sandbox SSH connections. This forces destructive re-onboarding.

Impact

Loss of sandbox connectivity on gateway restart; forces data loss if workspace is not backed up.

Affected Area

• Service(s): NemoClaw gateway
• Module(s): Runtime lifecycle

Notes

Tracked at #888 — priority: high with contributor assigned.

Related GitHub Issue Check

• Matching open issue: Gateway restart regenerates TLS certificates, breaking existing sandbox connections #888
• Duplicate status: Confirmed existing
• Reasoning: Our audit of the gateway lifecycle confirmed TLS certificates are ephemeral and not persisted. Tracked at Gateway restart regenerates TLS certificates, breaking existing sandbox connections #888.

Reproduction Steps

Reproduction Steps

1. Start NemoClaw with gateway TLS enabled
2. Restart the sandbox (without full onboard):

   nemoclaw <sandbox-name> restart

3. Check whether the gateway TLS certificate was regenerated or reused:

   openshell sandbox exec <sandbox-name> -- \
     openssl x509 -in /sandbox/.openclaw/gateway-cert.pem -noout -dates

4. Compare the certificate dates before and after restart — if unchanged, TLS was not regenerated

Environment

Repository

• https://github.com/NVIDIA/NemoClaw

• Branch: main

• OS: macOS / Linux

• NemoClaw Version: v0.1.0

• Branch: main

• Runtime: Docker via OpenShell

• Container / Orchestration Info: Docker sandbox

• Network Setup: localhost TLS between gateway and client

Debug Output

# Inspect the gateway TLS configuration:
openshell sandbox exec <sandbox-name> -- \
  cat /sandbox/.openclaw/openclaw.json | python3 -c "
import sys, json
c = json.load(sys.stdin)
print('Gateway TLS config:', json.dumps(c.get('gateway', {}), indent=2))
"

# Check the certificate fingerprint:
openshell sandbox exec <sandbox-name> -- \
  openssl x509 -in /sandbox/.openclaw/gateway-cert.pem -noout -fingerprint

Logs

# Gateway log showing TLS initialization:
$ tail -20 /tmp/gateway.log
[gateway] TLS certificate loaded from /sandbox/.openclaw/gateway-cert.pem
[gateway] Listening on https://127.0.0.1:18789
# ↑ Check if certificate is reused across restarts (GitHub issue #1094)

Checklist

• I confirmed this bug is reproducible
• I searched existing issues and this is not a duplicate

[dinuduke]

Exact Fix

File: Dockerfile lines 113-114

Problem: Auth token is generated at Docker BUILD time via secrets.token_hex(32) at line 114. This bakes the same token into every image instance.

Current code (line 114):

    'auth': {'token': secrets.token_hex(32)} \

Step 1 — Replace build-time token with a placeholder:

    'auth': {'token': '__RUNTIME_TOKEN_PLACEHOLDER__'} \

Step 2 — Add runtime token generation to the entrypoint (scripts/nemoclaw-start.sh, before the gateway launch at line 366):

# Generate unique auth token at first startup
CONFIG_FILE="/sandbox/.openclaw/openclaw.json"
if grep -q '__RUNTIME_TOKEN_PLACEHOLDER__' "$CONFIG_FILE" 2>/dev/null; then
  RUNTIME_TOKEN=$(python3 -c 'import secrets; print(secrets.token_hex(32))')
  # Create a writable copy in .openclaw-data
  cp "$CONFIG_FILE" /sandbox/.openclaw-data/openclaw.json
  sed -i "s/__RUNTIME_TOKEN_PLACEHOLDER__/$RUNTIME_TOKEN/" /sandbox/.openclaw-data/openclaw.json
  chmod 444 /sandbox/.openclaw-data/openclaw.json
  echo "[init] Generated unique gateway auth token" >&2
fi

Step 3 — Update the gateway to read from .openclaw-data if it exists, falling back to the image default.

Alternative for K8s: Mount a K8s Secret as the auth token:

volumes:
  - name: gateway-auth
    secret:
      secretName: nemoclaw-gateway-token

[latenighthackathon]

Good find — this looks related to #1376 and #1321 which track similar sandbox connection issues after gateway restart. Your follow-up about secrets.token_hex(32) at Dockerfile line 120 is an interesting separate observation — the comment at line 60 says "Unique per build to ensure each image gets a fresh auth token," so each docker build produces a different token. For the standard install flow where each user builds locally, each user gets a unique token. The concern would apply if someone distributed a pre-built image, but that's not the typical deployment path.

[paritoshd-nv]

Same issue as the : #1376
It was fixed in OpenShell 0.0.22;
I have tested on Spark and MacOS;
Please try with the latest OpenShell / NemoClaw builds , and let's know if you still see it.

% docker restart openshell-cluster-nemoclaw
openshell-cluster-nemoclaw

% nemoclaw my-assistant connect
✓ Active gateway set to 'nemoclaw'

  [2/8] Starting OpenShell gateway
  ──────────────────────────────────────────────────
  Stale gateway detected — attempting restart without destroy...
  Using pinned OpenShell gateway image: ghcr.io/nvidia/openshell/cluster:0.0.25
  Starting gateway cluster...
  Waiting for gateway health...
  ✓ Gateway is healthy
✓ Active gateway set to 'nemoclaw'
✓ Active gateway set to 'nemoclaw'

  OpenClaw gateway is not running inside the sandbox (sandbox likely restarted).
  Recovering...
→ Found forward on sandbox 'my-assistant'
✓ Stopped forward of port 18789 for sandbox my-assistant
✓ Forwarding port 18789 to sandbox my-assistant in the background
  Access at: http://127.0.0.1:18789/
  Stop with: openshell forward stop 18789 my-assistant
  ✓ OpenClaw gateway restarted inside sandbox.
  ✓ Dashboard port forward re-established.