Reputation: 1321
Unable to use Let's Encrypt cert in Telegram bot webhook (Self-Signed cert works fine)
I am trying to setup my Telegram bot webhook using a Let's Encrypt certificate but Telegram keeps saying verification_failed. Browsers, however, are totally fine with new Let's Encrypt certificate.
My self-signed certificate is currently working fine in webhooks on my Ubuntu 17.04 with Nginx web server.
What am i missing?
Current self-signed certificate setup (Works)
I generated my certificate using this command:
openssl req -newkey rsa:2048 -sha256 -nodes -keyout my-cert.key -x509 -days 365 -out my-cert.pem -subj "/C=CA/ST=Ontario/L=Toronto/O=My Organization/CN=example.org"
and Nginx configuration:
server {
server_name example.org www.example.org localhost;
listen 443 ssl;
listen 8080 ssl;
listen 8443 ssl;
ssl_certificate /etc/nginx/certificates/my-cert.pem;
ssl_certificate_key /etc/nginx/certificates/my-cert.key;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_prefer_server_ciphers on;
location ~* ^/bots/mybot/webhook/.+$ {
proxy_pass http://0.0.0.0:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
New Let's Encrypt setup (Works in browsers, Fails in webhooks)
Certificate is generated for my domain using EFF's great certbot.
When setting Telegram's webhook, I use /etc/letsencrypt/live/example.org/cert1.pem file.
This is Nginx configuration I tried:
server {
server_name example.org www.example.org localhost;
listen 80;
listen [::]:80;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
if ($scheme != "https") {
return 301 https://$host$request_uri;
}
}
server {
server_name example.org www.example.org localhost;
listen 443 ssl;
listen 8080 ssl;
listen 8443 ssl;
ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem; # managed by Certbot
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_prefer_server_ciphers on;
location ~* ^/bots/mybot/webhook/.+$ {
proxy_pass http://0.0.0.0:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Upvotes: 3
Views: 4538
Answers (1)
Reputation: 2126
I tried this a while ago myself with an Apache webserver but on Ubuntu 17.04 too with letsencrypt and it works fine.
You mentioned that you used the setwebhook?url= method with an additional argument (passing the certificate...). Somehow this isn´t needed. You can just enter the url starting with https:// and you are fine.
Upvotes: 4
Related Questions
- In webhook what is has_custom_certificate: false?
- telegram bot webhook self-signed certificate problem
- Got problems with webhook to Telegram Bot API
- Telegram Bot - Webhook SSL error with letsencrypt Certificate
- Including intermediate certificates from Letsencrypt in Nginx SSL setup
- Telegram Bot SSL Error
- Telegram webhook: Why i get ssl3_get_server_certificate:certificate verify failed Error when i call GetWebhookInfo API command?
- Telegram BOT - setWebhook not working
- Telegram Bot API Webhooks Self-signed Certificate issue
- Telegram bot api and Webhook with SSL