NerdAxe – WiFi Credentials Case Sensitivity Fail

Verify SSID and password on a second device first. Take a phone, tablet, or laptop that has never connected to your home network before. Type the SSID and password into its WiFi settings exactly as you intend to use them on the NerdAxe. If the second device joins and reaches the internet, you have ground truth. If the second device fails, the credentials are wrong at the router - fix that side first. This single step catches roughly 30% of credential-typo tickets, because users frequently misremember the password they set during router setup.

Manually type credentials into the NerdAxe captive portal at `http://192.168.4.1` - never paste, ever, on the first attempt. Type the SSID and password character-by-character. Watch case as you type. Do not hit spacebar after the last character. Do not paste from any source. Manual entry is slower but eliminates the trailing-whitespace, smart-quote, zero-width-character, and homoglyph class of failures completely. If manual typing succeeds, you can switch to paste later for re-provisioning.

Reset NVS and retype. Disconnect USB-C. Press and hold `BOOT` on the NerdAxe PCB. Reconnect USB-C while still holding. Continue holding for a full 10 seconds after power is applied. Release. The device wipes NVS and emits a fresh `NerdAxe_XXXX` AP with no stored credentials. Reconnect, manually type credentials. This clears any prior failed attempts that might be sitting half-corrupted in NVS, and forces you to do a clean retype - which catches typos you did not notice on the first try.

Avoid look-alike character traps when typing. As you enter the password, mentally annotate each character: capital `O` or zero `0`? Lowercase `l` or `1` or capital `I`? Capital `S` or `5`? Em-dash or hyphen? If any of these are in your password, slow down at that character and confirm against your router admin. Pull your phone out and zoom into the password reference. The NerdAxe does not care about your eyesight - the byte either matches or it does not.

Use a short, simple ASCII password temporarily for provisioning. If your home WiFi password contains punctuation, special characters, or non-ASCII letters, change it temporarily at the router to a plain string like `MinerNet2024` for the duration of NerdAxe provisioning. Provision the NerdAxe. Confirm it is joined and mining. Then restore your original password at the router (and re-provision the NerdAxe), or - the Mining Hacker recommendation - leave it on a dedicated simple-password IoT SSID permanently. This avoids debugging keyboard-layout, special-character, and homoglyph issues during the trickiest moment of first-boot.

Connect a serial terminal at `115200 baud` and read the actual reason code. USB-C the NerdAxe to a laptop. Use PuTTY (Windows), Tera Term, the Arduino IDE serial monitor, `screen /dev/tty.usbmodem* 115200` on macOS / Linux, or `minicom`. Power-cycle the NerdAxe. Watch the boot log. The diagnostic gold is the line `wifi_disconnect reason: N`: `15 = AUTH_FAIL` (password byte mismatch), `201 = NO_AP_FOUND` (SSID byte mismatch or radio cannot scan it). Match the code to a root cause and target the fix instead of guessing.

Audit the password byte-by-byte in a plain-text editor. Open Notepad (Windows), TextEdit in Plain Text mode (macOS), or `nano` / `gedit` (Linux). Type or paste the password. Select all. Check the character count matches what your router admin shows for the password. Look for: trailing whitespace (cursor sits past the last visible char), zero-width characters (count higher than expected visible chars), and special-character mismatches (em-dash vs hyphen). Plain-text editors are unforgiving in a useful way - they show what is really there.

Inspect the SSID and password for hidden Unicode. Paste suspect text into a Unicode character inspector (e.g. `https://www.soscisurvey.de/tools/view-chars.php`). Each character is shown with its code point. ASCII letters are `U+0020` through `U+007E`. Anything outside that range is a candidate. Common surprises: non-breaking space (`U+00A0`), zero-width space (`U+200B`), curly quotes (`U+2018`/`U+2019`/`U+201C`/`U+201D`), Cyrillic look-alikes (`U+0421` Cyrillic `S` vs `U+0053` Latin `S`).

Check keyboard layout consistency. If your router was originally configured on a French Canadian / AZERTY / QWERTZ keyboard and you are typing the password on a US English keyboard now, special characters (`@`, `#`, ``, `|`, `^`, `~`, `` ` ``, `'`, `"`, `?`, `/`, `;`, `:`, `[`, `]`, `{`, `}`) may produce different bytes. Look at the router admin to see the password as stored, confirm your current keyboard layout produces the same characters when typed. This is the most-missed cause of NerdAxe AUTH_FAIL in mixed-language Canadian households.

Use a USB external keyboard to enter credentials. Phones with autocorrect, swipe keyboards, predictive text, or smart-quote substitution are credential-entry hazards. Plug a wired or Bluetooth keyboard into a laptop, join the laptop to `NerdAxe_XXXX`, open `http://192.168.4.1`, and type credentials with the external keyboard. Lower probability of an OS autocorrect feature silently fixing your password into something incorrect.

Watch the router admin auth log live during NerdAxe provisioning. Most routers (UniFi, ASUS, Eero, Google Nest WiFi, OpenWrt, pfSense, OPNsense, Bell Gigahub, Videotron Helix) expose a real-time wireless authentication log. Open the log. Provision the NerdAxe. Watch the events: `STA associated`, then `4-way handshake failed: WPA password mismatch`, then `STA disassociated`. Seeing the exact router-side log line confirms the failure is password-byte mismatch and not something more exotic. If the router shows the NerdAxe as authenticated but the NerdAxe still falls back to AP - that is a different issue (DHCP, IP conflict, AP isolation), see the related sibling page `nerdaxe-ap-mode-fallback-loop`.

Reflash the latest stable ESP-Miner-NerdAxe via Web Flasher if the captive portal looks misbehaved. If the portal accepts inputs that exceed expected length, drops characters during typing, or looks janky - the firmware itself may be on a bad build. Hold `BOOT`, tap `RESET`, release `BOOT` to enter ESP32-S3 bootloader mode. Open the AxeOS Web Flasher in Chrome / Edge / Opera (WebSerial required). Select the latest stable `BitMaker-hub/ESP-Miner-NerdAxe` release for your NerdAxe board revision from `https://github.com/BitMaker-hub/ESP-Miner-NerdAxe/releases`. Flash. Reprovision after the flash. CRITICAL: do not flash a stock Bitaxe Gamma firmware on the NerdAxe - the BM1368 firmware will brick BM1366 chip communication.

Provision via a `2.4 GHz` phone hotspot with verified ASCII-only credentials, then change creds later. iPhone: Settings > Personal Hotspot, set hotspot password to a plain ASCII string like `Mining2026`, enable Maximize Compatibility. Android: hotspot > band > `2.4 GHz only`, security WPA2. Provision the NerdAxe against the hotspot. Confirm join + mining. Then on the NerdAxe web UI, edit the WiFi credentials to the home network, save, the device reboots into the new credentials. Proves the hardware works with simple credentials and isolates the credential-typo problem from any hardware concern.

Check for OS-side autofill / paste interference using a fresh browser profile. Some password managers (1Password browser extension, iCloud Keychain Safari extension, Chrome saved passwords) auto-fill the captive portal's password field with credentials from a different network. If this happens, you typed `Network-A` SSID but the manager filled the password field with the password for `Network-B`. Use a fresh browser profile or an incognito / private window to provision, with the password manager browser extension disabled.

PSU sanity-check. NerdAxe runs on USB-C at `5 V / 3 A`. A flaky cable or undersized power brick that sags during the WiFi TX burst at the WPA2 4-way handshake moment can cause association to fail in a way that mimics a credential typo - the radio browns out mid-handshake. Swap to a known-good data-capable USB-C cable (not charge-only) and a wall brick rated for `5 V / 3 A` sustained. Avoid laptop USB-C ports during provisioning. If the boot log shows `Brownout detector was triggered` before the disconnect, this is the fix.

When to stop DIY. After Tier 1-3 (second-device verification, manual retype, NVS wipe, byte-by-byte audit, Unicode inspection, keyboard-layout check, serial console reason-code capture, phone hotspot provisioning success, current stable Web Flasher reflash), if your NerdAxe still rejects your home credentials with `wifi_disconnect reason: 15`, you almost certainly have an exotic credential issue - homoglyph in the router's stored password, keyboard-layout drift between provisioning machine and router config, or router-side enterprise WPA / EAP weirdness. Open a D-Central support ticket with your serial log and a screenshot of the router auth log; the team will help you triangulate the byte mismatch.

D-Central bench process for credential-failure NerdAxes. Intake log review. Known-good network on the bench (dedicated `2.4 GHz` SSID, `WPA2-Personal AES`, ASCII-only credentials). Web Flasher baseline reflash to current stable ESP-Miner-NerdAxe for the board revision. Provisioning attempt with bench credentials. Serial-console capture. NVS dump and corruption check. If the device joins clean on bench creds but fails on the customer's home creds, D-Central sends a written triage note back identifying the byte-level mismatch in the customer's stored password / SSID for them to fix at the router. Bench-diagnostic fee is flat and applies against any repair cost if hardware turns out to be the issue (rare on credential-typo cases).

Ship safely if shipping to D-Central. Anti-static bag for the NerdAxe board, 5 cm of foam on every side of the outer box. Include a note with: NerdAxe board revision (silkscreen or outer box), current ESP-Miner-NerdAxe firmware version, your router model and firmware version, the SSID and password you are trying to provision (kept confidential and used only for triangulation), observed serial-console reason code, and contact info. Context saves bench triage time and triage time saves your bench dollar. Canada-wide turnaround on NerdAxe-class work is typically 3-7 business days. US and international are welcomed - D-Central ships worldwide from Canada.