So you've spun up an AlmaLinux 9 instance, installed OpenClaw, and... something's not working. Maybe the daemon won't start. Maybe the onboard wizard hangs. Maybe you're staring at a cryptic error about systemd user sessions. Don't worry — I've hit every one of these walls, and this guide covers the fixes.
If you haven't deployed yet and want the smoothest possible experience, the Tencent Cloud Lighthouse OpenClaw template pre-configures everything on a tested AlmaLinux 9 base. But if you're troubleshooting an existing setup or doing a manual install, read on.
loginctl enable-linger Fails or Has No EffectSymptom: You run loginctl enable-linger $(whoami) and either get a permission error or the daemon still dies when you close SSH.
Root cause: On AlmaLinux 9, lingering requires that your user has a proper systemd user session. If you're logged in via a non-standard method (some web-based terminals, certain SSH configurations), the session might not register correctly.
Fix:
# Verify your user session is registered:
loginctl list-sessions
# If your session shows up, enable linger:
sudo loginctl enable-linger $(whoami)
# Set the runtime directory explicitly:
export XDG_RUNTIME_DIR=/run/user/$(id -u)
# Verify linger is enabled:
ls /var/lib/systemd/linger/
# You should see your username listed
# IMPORTANT: Never hardcode credentials or tokens in these scripts.
# Use environment variables or the openclaw onboard wizard.
If list-sessions shows nothing, try logging in via standard SSH (not a web console) and retry.
Symptom: OpenClaw throws errors about unsupported syntax, import statements failing, or node: command not found.
Root cause: AlmaLinux 9's default repos ship older Node.js versions. OpenClaw requires Node.js 18+.
Fix:
# Check current version:
node -v
# If it's below 18, install via NodeSource:
curl -fsSL https://rpm.nodesource.com/setup_20.x | sudo bash -
sudo dnf install -y nodejs
# Verify:
node -v # Should show v20.x.x
If you're on a Tencent Cloud Lighthouse OpenClaw template, this is already handled — the template ships with the correct Node.js version pre-installed.
Symptom: openclaw daemon install exits with an error, or openclaw daemon start reports failure.
Root cause: Usually one of three things:
XDG_RUNTIME_DIR is not setsystemd user instance isn't runningFix:
# Step 1: Ensure XDG_RUNTIME_DIR is set
export XDG_RUNTIME_DIR=/run/user/$(id -u)
# Step 2: Check if systemd user instance is running
systemctl --user status
# If it's not running, start it:
systemctl --user start dbus
# Step 3: Check for port conflicts
ss -tlnp | grep 3000 # Default OpenClaw port
# If something else is using port 3000, stop it or reconfigure OpenClaw
# Step 4: Retry daemon installation
openclaw daemon install
openclaw daemon start
openclaw daemon status
Symptom: OpenClaw starts but can't reach external APIs (LLM providers, messaging platforms). You see ECONNREFUSED or timeout errors, but curl from the command line works fine.
Root cause: AlmaLinux 9 ships with SELinux in enforcing mode by default. Node.js processes running under systemd user services may be blocked from making outbound connections.
Fix (recommended — targeted policy adjustment):
# Check SELinux status:
getenforce
# Check for recent denials:
sudo ausearch -m avc -ts recent
# If you see denials related to node/openclaw, create a local policy:
sudo ausearch -m avc -ts recent | audit2allow -M openclaw-policy
sudo semodule -i openclaw-policy.pp
# Restart the daemon:
openclaw daemon restart
Quick workaround (not recommended for production):
# Temporarily set SELinux to permissive:
sudo setenforce 0
# To make it permanent (less secure):
# sudo sed -i 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
Always prefer targeted policies over disabling SELinux entirely.
Symptom: Your messaging platform (Telegram, WhatsApp) can't reach your OpenClaw instance. Webhooks fail with timeout errors.
Root cause: AlmaLinux 9 uses firewalld by default, and your webhook port may not be open. Additionally, if you're on Tencent Cloud Lighthouse, you also need to configure the security group in the cloud console.
Fix:
# Open the webhook port in firewalld:
sudo firewall-cmd --permanent --add-port=3000/tcp
sudo firewall-cmd --reload
# Verify:
sudo firewall-cmd --list-ports
Then go to the Tencent Cloud Lighthouse console → your instance → Firewall tab → add a rule allowing TCP port 3000 (or whichever port OpenClaw uses for webhooks).
Symptom: openclaw onboard fails when trying to verify API keys or connect to messaging platforms. Error messages mention DNS or hostname resolution.
Fix:
# Test DNS resolution:
nslookup api.openai.com
# If it fails, check /etc/resolv.conf:
cat /etc/resolv.conf
# Add a reliable DNS server if needed:
echo "nameserver 8.8.8.8" | sudo tee -a /etc/resolv.conf
Honestly? Most of these issues disappear entirely when you use the pre-configured OpenClaw template on Tencent Cloud Lighthouse. The template handles Node.js versioning, daemon configuration, firewall rules, and SELinux policies out of the box. It's specifically tested on AlmaLinux 9.
If you're starting fresh or tired of debugging, head to the Tencent Cloud Lighthouse Special Offer:
For the full deployment walkthrough, see the one-click deployment guide.
# System info
cat /etc/almalinux-release
uname -r
# OpenClaw status
openclaw daemon status
# Logs (if daemon is running via systemd)
journalctl --user -u openclaw -f
# Network diagnostics
ss -tlnp | grep openclaw
curl -I https://api.openai.com
# SELinux audit
sudo ausearch -m avc -ts recent | grep openclaw
Troubleshooting is part of the game when you're running infrastructure. But it shouldn't be the whole game. If you want to spend your time building automations instead of debugging AlmaLinux quirks, the managed Lighthouse template is the right call.
Get started at the Tencent Cloud Lighthouse Special Offer:
Happy debugging — or better yet, happy not debugging.