Node-telegram-bot-api: webhook is unable to verify ssl cert
Question
I am following the express webhook example.
However, I received the following error when calling getWebHookInfo:
{
"url":"https://siutsin.com/bot123:xxx",
"has_custom_certificate":false,
"pending_update_count":2,
"last_error_date":1488284699,
"last_error_message":"SSL error {336134278, error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed}",
"max_connections":40
}
I am able to use Postman to call to webhook URL and trigger the bot event.
I am able to cat the SSL cert and key inside the docker container
My code:
// simplified version
const app = express()
app.use(bodyParser.json())
const bot = new TelegramBot(process.env.TELEGRAM_BOT_TOKEN)
const webhook = `${process.env.WEBHOOK_URL}/bot${process.env.TELEGRAM_BOT_TOKEN}`
bot.setWebHook(webhook)
const routes = new Routes(app, bot)
routes.configRoutes(bot)
const botHandler = new BotHandler(bot)
bot.on('message', msg => botHandler.onMessage(msg))
bot.on('webhook_error', error => log.e(`webhook_error: ${JSON.stringify(error)}`))
// simplified version
import app from '../app'
app.set('port', 443)
const options = {
key: fs.readFileSync('/etc/ssl/server.key'),
cert: fs.readFileSync('/etc/ssl/server.crt')
}
const server = https.createServer(options, app)
server.listen(443)
I tried to follow HTTPS webhook example as well, but it stuck after launch and unable to receive any message from Telegram, with pending_update_count equals 2:
getWebHookInfo()
{
"url": "https://siutsin.com/bot123:abc",
"has_custom_certificate": true,
"pending_update_count": 2,
"max_connections": 40
}
Much appreciate if you can point out any of my mistake above, as I was stuck for couple days already...
siutsin
All 14 comments
Connection to https://siutsin.com is timing out! Can't seem to connect to your server.
The first guess off my head is that you are having an issue with your SSL certificates.
GochoMugo
on 7 Mar 2017
@GochoMugo I turned off the testing instance. As you can see from the postman's screenshot. POST to https returns OK. The SSL cert is generated from GoDaddy.
siutsin
on 7 Mar 2017
I have not used SSL certs from GoDaddy before, so I can not comment on that.
Side note: However, you might consider running a reverse proxy, say Nginx, that handles all the SSL stuff. That way you don't have to use SSL certs in your container. That setup seems easier to me.
GochoMugo
on 7 Mar 2017
Thanks for the hint and good point @GochoMugo, will try it out in the weekend
siutsin
on 7 Mar 2017
@siutsin have you signed you certificate? I generated a root certificate and sign the other one that I used for webhook. Before that I got the same exact error.
arashthk
on 28 Mar 2017
@arashthk it's not a self-signed certificate, I got it from Godaddy.
siutsin
on 29 Mar 2017
@arashthk it's not a self-signed certificate, I got it from Godaddy.
Hi @siutsin. Have you solved the problem? I have same issue...
Probably problem with certificates but, it have been working before...
GuillermoPena
on 15 Jan 2019
Hey @GuillermoPena sorry I changed my architecture so I am not able to verify this issue now.
siutsin
on 16 Jan 2019
Thanks @siutsin
@arashthk, when you created your .CSR file, you set in 'common name' parameter your server ip, don鈥檛 you?
I have created a root certificate and I have signed the other one but issue persists...
GuillermoPena
on 18 Jan 2019
I meet the same problem and I've solved it. If you use a none-self-signed certificate, the WebhookInfo should be as follows, the has_custom_certificate should be false or you may edit your code. Now check it.
https://api.telegram.org/[BOT_TOKEN]/getWebhookInfo
{"ok":true,"result":{"url":"https://example.com","has_custom_certificate":false,"pending_update_count":0,"max_connections":40}}
vcheckzen
on 12 Apr 2019
same error on let's encrypt certificate installed by cPanel.
someone please tell the whole complete story about this god damned error!
any manual actions about putting certificate files is needed? so what??!
i'm using webhook method on my framework on PHP and it works by same installed certificate like charm!
but in this unknown,un-well documented framework developed by Yagop, it's not working.
tell a complete story please.
makhloughi
on 11 May 2019
@makhloughi This issue was opened way back to early 2017. I am not aware of what is the new fixes or development implemented here. However, I believe it stated quite clearly in the license that there is no warranty or liability. You are on your own, and I think @yagop never forced you to use only his library.
I will suggest you open another issue and provide useful information instead.
siutsin
on 11 May 2019
@siutsin i'm agree with you. no one forced me to use this library. but the problem still exist and i asked if some one can help solve this issue which is appearing in google's 1st result in SERP. all technical information is mentioned by others above and i don't wanna open a duplicate issue and confuse same visitors.
apparently no one knows any technical solution. just chatting and advising.
if anyone can help with technical solution, please reply.
regards.
makhloughi
on 11 May 2019
@siutsin i'm agree with you. no one forced me to use this library. but the problem still exist and i asked if some one can help solve this issue which is appearing in google's 1st result in SERP. all technical information is mentioned by others above and i don't wanna open a duplicate issue and confuse same visitors.
apparently no one knows any technical solution. just chatting and advising.
if anyone can help with technical solution, please reply.
regards.
Perhaps this paragraph will help you.
vcheckzen
on 12 May 2019
Related issues
antonrifco
路
3Comments
Dohoon-Kim
路
3Comments
alikhil
路
3Comments
hems
路
3Comments
Panthro
路
3Comments
Most helpful comment
I have not used SSL certs from GoDaddy before, so I can not comment on that.
Side note: However, you might consider running a reverse proxy, say Nginx, that handles all the SSL stuff. That way you don't have to use SSL certs in your container. That setup seems easier to me.