#openai-codex gpt-5.4 chatgpt.com/backend-api cf-mitigated challenge html DNS lookup failed openclaw

1 messages · Page 1 of 1 (latest)

limpid meteor
#

OpenClaw TUI hangs for minutes when using openai-codex/gpt-5.4. Gateway logs show "DNS lookup for the provider endpoint failed" but the raw error is HTML from chatgpt.com/backend-api
with Cloudflare challenge/cf-mitigated. Has anyone fixed this on a server/VPS IP?

OpenClaw TUI hangs on simple prompts when configured for openai-codex/gpt-5.4.

What I found:

  • OpenClaw config definitely points to openai-codex/gpt-5.4
  • Cached provider metadata maps that to https://chatgpt.com/backend-api/v1
  • Gateway logs repeatedly say:
    • model=gpt-5.4 provider=openai-codex
    • LLM request failed: DNS lookup for the provider endpoint failed
    • raw error body is HTML
  • In the TUI I see that raw HTML dumped into the terminal
  • curl -I https://chatgpt.com/backend-api/v1 from the same box returns HTTP 403 with cf-mitigated: challenge
  • curl -I https://api.openai.com/v1/models behaves normally

So this looks less like a true DNS failure and more like Cloudflare challenging the ChatGPT backend route from this server IP.

untold stormBOT
supple micaBOT
#

To help others find answers, you can mark your question as solved via Right click solution message -> Apps -> ✅ Mark Solution

nocturne dewBOT
#

I found a couple of likely matching GitHub issues. I’m checking one to avoid guessing before I answer.

#

Yeah, that does not look like real DNS failure. It looks like openai-codex reaching the ChatGPT/Codex route and getting a Cloudflare challenge HTML page back.

I checked the current docs/code path:

  • openai-codex/* is the ChatGPT/Codex OAuth route
  • it intentionally goes to chatgpt.com/backend-api
  • openai/gpt-5.4 is the separate direct OpenAI API route

So your read is probably right: this is more like CF mitigation on that host/IP plus a misleading surfaced error string.

First thing, can you post:

openclaw --version
openclaw status --all
openclaw models status
# 
openclaw doctor

A few practical notes:

  1. If this is a VPS and you need reliability, use openai/gpt-5.4 with an API key

    • openai-codex/gpt-5.4 = ChatGPT/Codex OAuth
    • openai/gpt-5.4 = direct Platform API
    • For servers, the direct API path is usually the safer choice.

  2. Run openclaw doctor
    Recent docs note that stale models.providers.openai-codex overrides can shadow the built-in Codex OAuth routing.

  3. You can try forcing transport
    If you want a quick experiment:

# 
   {
     agents: {
       defaults: {
         models: {
           "openai-codex/gpt-5.4": {
             params: { transport: "websocket" }
           }
         }
       }
     }
   }

But honestly, if curl -I https://chatgpt.com/backend-api/v1 already returns cf-mitigated: challenge from that box, I would not expect a transport-only change to be a real fix.

Docs: