What Self-Hosting OpenClaw Actually Costs (It's Not Just the VPS)
Every deployment guide says self-hosting OpenClaw costs $5-20/mo. I believed that too, until I started tracking where my time actually went. The VPS was the cheapest part.
Every deployment guide says self-hosting OpenClaw costs $5-20/mo. I believed that too, until I started tracking where my time actually went.
The VPS was the cheapest part of the whole operation.
What Everyone Budgets
You find a deployment guide. It walks you through spinning up a VPS, pulling the Docker image, setting up a reverse proxy. At the end, you do the math: maybe $7 on Hetzner, $48 if you want DigitalOcean's SLA. Add a domain, Let's Encrypt, your own API keys. Call it $20-100/mo depending on how fancy you get.
For reference, here's what a 4 vCPU / 8 GB instance actually costs in 2026:
| Provider | Monthly | The catch |
|---|---|---|
| Contabo | ~$5 | Oversold shared vCPUs. Performance varies. |
| OVH | ~$6.50 | Free daily backups. Honest value. |
| Hetzner | ~$9 | No SLA. US regions get 1 TB transfer, not 20 TB. Price increased Apr 2026. |
| GCP (1yr commit) | ~$37 | On-demand is $49. Add $3-5 for disk. |
| Vultr | $40 | Straightforward. No surprises. |
| DigitalOcean | $48 | Best SLA. Best marketplace. Price reflects it. |
Feels reasonable. You pick a provider, provision the box, get the agent running. Whole thing takes an evening.
And then the month starts.
Week 1: The Patch
OpenClaw ships patches 2-3 times a month. Not feature releases. Security patches. The kind you can't ignore because the last round of CVEs included a pre-auth remote code execution.
So Tuesday morning, I see the release. Pull the new image. Read the changelog to make sure nothing breaks. Restart the container. Verify the agent comes back and the skills still load.
45 minutes. Fine. That's the job.
Week 2: The Key I Forgot About
Routine API key rotation. I open the docker-compose file and there it is. The OpenAI key, hardcoded directly in the environment block. Not pulled from .env. Just sitting there in plaintext, committed to a private repo I haven't thought about since setup day.
# How it was (bad)
services:
openclaw:
environment:
- OPENAI_API_KEY=sk-proj-abc123...# How it should have been
services:
openclaw:
env_file:
- .envI know better than this. Everyone knows better than this. But setup day was three weeks ago, and setup day me was in a hurry to see the agent respond to a message. Setup day me cut a corner and moved on.
Rotated the key. Fixed the compose file. Tested everything. 50 minutes, plus the quiet dread of wondering how long that key was sitting there.
Week 3: The Silent Failure
This one cost me three hours and some trust.
The agent had been silently disconnecting from the gateway every six hours or so. No error in the container logs. No alert. Nothing in the dashboard. From my side, everything looked fine.
From the user's side, they'd open the chat and get nothing. Just silence. For how long before I noticed? I don't actually know. That's the part that bothered me.
The fix was a health check I should have written on day one:
#!/bin/bash
response=$(curl -s -o /dev/null -w "%{http_code}" http://localhost:18789/health)
if [ "$response" != "200" ]; then
docker restart openclaw-agent
echo "$(date): Agent restarted" >> /var/log/openclaw-health.log
fi# crontab: every 5 minutes
*/5 * * * * /opt/openclaw/health-check.shThree hours of debugging. The silent part was worse than the broken part. An agent that crashes loudly is annoying. An agent that fails quietly erodes confidence.
Week 4: Sunday Night
11pm on a Sunday. A skill tried to load a large PDF into context. The container hit its memory ceiling. The kernel OOM-killed it. No graceful shutdown, no notification, no restart. Just gone.
I found out Monday morning when I saw a client message that had gone unanswered for nine hours.
90 minutes to set up memory limits and alerting. The kind of work that feels urgent at 7am on a Monday, standing in the kitchen, coffee not yet made, reading a notification that should have woken me up at 11pm but didn't because the alerting didn't exist yet.
Adding It Up
Here's what the month cost:
| Hours | What happened | |
|---|---|---|
| Security patching | ~1 hr | One patch cycle. Some months it's two. |
| Credential rotation | ~1 hr | Plus the cold sweat of finding a hardcoded key. |
| Monitoring + debugging | ~3 hrs | The silent WebSocket failure. |
| Unplanned incident | ~1.5 hrs | Sunday night OOM kill. |
| Total | ~6.5 hrs |
Call it 4-7 hours in a typical month. Some months less. Some months the WebSocket thing happens and it's more.
Now put a number on your time. If you bill $100/hr (and if you're running an AI agent for professional work, your rate is probably higher), that's $400-700/mo in time. On top of whatever you pay for the VPS.
| Provider | Infra cost | + Time (4 hrs × $100) | What you actually pay |
|---|---|---|---|
| Hetzner | ~$9 | $400 | ~$409/mo |
| OVH | ~$7 | $400 | ~$407/mo |
| Vultr | ~$48 | $400 | ~$448/mo |
| DigitalOcean | ~$58 | $400 | ~$458/mo |
Pick any provider. The VPS is a rounding error. You're paying $400/mo no matter where the box lives.
This Isn't Like Self-Hosting Plex
I've self-hosted plenty of things. Nextcloud. Plex. Home Assistant. Gitea. None of them cost me this much time per month.
AI agents are a different animal. External API keys that expire on different schedules. A patch cadence of 2-3 times a month because the security surface is still being mapped (7+ CVEs in four months). Third-party skills that run arbitrary code inside your agent. 341 malicious skills found on ClawHub in a single audit.
And the stakes are different. Plex going down means someone can't watch a movie. Your AI agent going down means a client message goes unanswered for nine hours. The data inside it isn't your media library. It's documents, API keys, conversation history. Potentially client data.
The operational weight is structurally heavier than most self-hosted software. That's not a temporary problem. That's the nature of what this software does.
When Self-Hosting Is Still the Right Call
If you're learning how AI agents work under the hood, self-host. It's the best way to understand what's actually happening. If you need to modify the runtime itself, self-host. If infrastructure is your hobby and your homelab is where you unwind on weekends, self-host and enjoy it. If you already have an ops team managing servers, the marginal cost of one more container is low.
For all of those cases, Hetzner at $7.50/mo is hard to beat. OVH's free backups are a nice touch. Go for it.
When It Isn't
If infrastructure time is a cost, not recreation, the math is hard to argue with.
The VPS costs $7-48. Your time costs $400. The total is $407-448/mo, and it doesn't matter which provider you pick because your time dwarfs the infrastructure line.
I built Vessel because I got tired of the Sunday nights. Managed OpenClaw on a dedicated GCP VM, Cloudflare Tunnel, security patches applied, monitoring built in. $39/mo flat. Same BYOK model, so your API key costs stay the same either way.
Not better than self-hosting. A different tradeoff. One where the $400/mo line item disappears.
Free tools: OpenClaw security checker, config generator.
