2026-01-06 01:46:25 -08:00
# MetaMask "Could not fetch chain ID" Error Fix
**Error**: "Could not fetch chain ID. Is your RPC URL correct?"
**Date**: 2025-01-27
**Network**: ChainID 138 (DeFi Oracle Meta Mainnet)
---
## 🔴 Problem
When trying to add or connect to ChainID 138 in MetaMask, you see the error:
> "Could not fetch chain ID. Is your RPC URL correct?"
This error occurs when MetaMask cannot communicate with the RPC endpoint.
---
## 🔍 Root Cause
The most common cause is that the RPC endpoint is requiring **JWT authentication ** , which MetaMask does not support. MetaMask can only connect to public RPC endpoints that don't require authentication.
**Expected Behavior**:
- Public RPC endpoint (`https://rpc-http-pub.d-bis.org` ) should accept requests WITHOUT authentication
- MetaMask should be able to call `eth_chainId` without any special headers
**Current Issue**:
- The endpoint is returning: `"Unauthorized. Missing or invalid JWT token"`
- This indicates the server is incorrectly configured with JWT authentication
---
## ✅ Solution: Fix MetaMask Network Configuration
### Step 1: Remove Existing Network
1. Open MetaMask
2. Click the network dropdown (top center)
3. Click "Settings" (gear icon) or go to Settings → Networks
chore: sync workspace — configs, docs, scripts, CI, pnpm, submodules
- Submodule pins: dbis_core, cross-chain-pmm-lps, mcp-proxmox (local, push may be pending), metamask-integration, smom-dbis-138
- Atomic swap + cross-chain-pmm-lops-publish, deploy-portal workflow, phoenix deploy-targets, routing/aggregator matrices
- Docs, token-lists, forge proxy, phoenix API, runbooks, verify scripts
Made-with: Cursor
2026-04-21 22:01:33 -07:00
4. Find "DeFi Oracle Meta Mainnet" or "SMOM-DBIS-138"
2026-01-06 01:46:25 -08:00
5. Click "Delete" or "Remove" to remove the network
### Step 2: Add Network with Correct RPC URL
1. Click "Add Network" → "Add a network manually"
2. Enter these **exact ** values:
```
chore: sync workspace — configs, docs, scripts, CI, pnpm, submodules
- Submodule pins: dbis_core, cross-chain-pmm-lps, mcp-proxmox (local, push may be pending), metamask-integration, smom-dbis-138
- Atomic swap + cross-chain-pmm-lops-publish, deploy-portal workflow, phoenix deploy-targets, routing/aggregator matrices
- Docs, token-lists, forge proxy, phoenix API, runbooks, verify scripts
Made-with: Cursor
2026-04-21 22:01:33 -07:00
Network Name: DeFi Oracle Meta Mainnet
2026-01-06 01:46:25 -08:00
RPC URL: https://rpc-http-pub.d-bis.org
Chain ID: 138
Currency Symbol: ETH
Block Explorer URL: https://explorer.d-bis.org (optional)
```
3. Click "Save"
**Critical Notes**:
- RPC URL **must ** be `https://rpc-http-pub.d-bis.org` (the public endpoint)
- Chain ID **must ** be `138` (decimal, NOT hex `0x8a` )
- Do NOT use `https://rpc-core.d-bis.org` (deprecated/internal)
- Do NOT use `https://rpc-http-prv.d-bis.org` (requires JWT auth)
### Step 3: Verify Connection
1. Switch to the network you just added
2. Check if your balance loads (should show ETH balance if you have any)
3. If you still get an error, proceed to the server-side fix below
---
## 🔧 Server-Side Fix (For Network Administrators)
If the error persists after updating MetaMask, the server configuration needs to be fixed.
### Architecture
The actual routing path is:
```
Internet → Cloudflare DNS/SSL → Cloudflared Tunnel → Nginx (VMID 2500) → Besu RPC (192.168.11.250:8545)
```
**Endpoints**:
- `https://rpc-http-pub.d-bis.org` → Routes to `http://192.168.11.250:8545`
- `wss://rpc-ws-pub.d-bis.org` → Routes to `ws://192.168.11.250:8546`
### Issue
The Nginx configuration on **VMID 2500 ** (`192.168.11.250` ) is incorrectly configured with JWT authentication for the public endpoint. It should serve `rpc-http-pub.d-bis.org` **WITHOUT ** authentication.
### Fix Steps
1. **Verify Nginx Configuration on VMID 2500 ** :
```bash
ssh root@192 .168.11.10 "pct exec 2500 -- cat /etc/nginx/sites-available/*"
ssh root@192 .168.11.10 "pct exec 2500 -- nginx -T | grep -A 20 'rpc-http-pub'"
```
2. **Check for JWT Authentication ** :
- Look for `auth_request` directives
- Look for Lua JWT validation scripts
- Check if `rpc-http-pub.d-bis.org` is configured with JWT
3. **Remove JWT Authentication from Public Endpoint ** :
- The Nginx config for `rpc-http-pub.d-bis.org` should NOT include JWT validation
- Remove any `auth_request` directives for the public endpoint
- Remove any Lua JWT validation scripts for the public endpoint
4. **Correct Nginx Configuration Should Look Like ** :
```nginx
# Public endpoint - NO authentication
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name rpc-http-pub.d-bis.org;
# SSL configuration...
location / {
proxy_pass http://127.0.0.1:8545;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# NO JWT authentication here!
}
}
# Public WebSocket endpoint - NO authentication
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name rpc-ws-pub.d-bis.org;
# SSL configuration...
location / {
proxy_pass http://127.0.0.1:8546;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# NO JWT authentication here!
}
}
```
5. **Test the Endpoint ** :
```bash
curl -X POST https://rpc-http-pub.d-bis.org \
-H "Content-Type: application/json" \
-d '{"jsonrpc":"2.0","method":"eth_chainId","params":[],"id":1}'
```
**Expected Response ** :
```json
{"jsonrpc":"2.0","id":1,"result":"0x8a"}
```
**If you get JWT error ** : JWT authentication is still enabled (wrong!)
6. **Restart Nginx ** :
```bash
ssh root@192 .168.11.10 "pct exec 2500 -- nginx -t"
ssh root@192 .168.11.10 "pct exec 2500 -- systemctl restart nginx"
```
7. **Verify Cloudflared Tunnel Routing ** :
- Check that Cloudflared tunnel is routing `rpc-http-pub.d-bis.org` to Nginx on VMID 2500
- Verify tunnel configuration matches the actual routing path
### Verify Configuration
| Endpoint | Should Require Auth? | Status |
|----------|---------------------|--------|
| `https://rpc-http-pub.d-bis.org` | ❌ NO | Should work without JWT |
| `https://rpc-http-prv.d-bis.org` | ✅ YES | Requires JWT (correct) |
---
## 📋 Troubleshooting Checklist
If the error persists, check:
- [ ] RPC URL is exactly `https://rpc-http-pub.d-bis.org` (no typos)
- [ ] Chain ID is `138` (decimal, not `0x8a` or hex)
- [ ] Network was removed and re-added after changing RPC URL
- [ ] Browser cache cleared and MetaMask reloaded
- [ ] Server endpoint responds to `eth_chainId` without JWT token
- [ ] Nginx on VMID 2500 is configured without JWT for public endpoint
- [ ] Cloudflared tunnel is routing `rpc-http-pub.d-bis.org` correctly
- [ ] Request path: Cloudflare → Cloudflared → Nginx (VMID 2500) → Besu RPC (192.168.11.250:8545)
---
## 🔗 Related Documentation
2026-01-06 02:25:38 -08:00
- [MetaMask Quick Start Guide ](/docs/01-getting-started/METAMASK_QUICK_START_GUIDE.md )
- [MetaMask Troubleshooting Guide ](/docs/09-troubleshooting/METAMASK_TROUBLESHOOTING_GUIDE.md )
- [RPC DNS Configuration ](/docs/04-configuration/RPC_DNS_CONFIGURATION.md )
- [RPC JWT Authentication ](/docs/04-configuration/RPC_JWT_AUTHENTICATION.md )
2026-01-06 01:46:25 -08:00
---
## 📞 Getting Help
If you continue to experience issues:
1. **Test the RPC endpoint ** using the curl command above
2. **Check MetaMask console ** for detailed error messages
3. **Verify network settings ** in MetaMask match the values above
4. **Contact network administrators ** if the server needs reconfiguration
---
**Last Updated**: 2025-01-27
**Status**: Active issue - requires server configuration fix
