A
A
Alexander Urich2016-11-28 15:39:04
PHP
Alexander Urich, 2016-11-28 15:39:04

How to correctly specify the certificate for the Telegram api?

Installing webhook for Telegram bot.
I use irazasyed/telegram-bot-sdk
I connected certificates from Let's encrypt to the domain. It created 4 files:
cert.pem
chain.pem
fullchain.pem
privkey.pem
nginx host settings set fullchain.pem and private.pem as private

listen 123.456.789:443 ssl;
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /etc/letsencrypt/live/example.ru/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.ru/privkey.pem;

When creating a webhook, I specify my url and the path to the certificate
use Telegram\Bot\Api;
$telegram = new Api('мой_токен_бота');

$telegram->setWebhook([
  'url' => 'https://example.ru/tgbot',
  'certificate' => __DIR__ . '/cert/fullchain.pub'
]);

Checking work:
$tg = new Telegram($token);
print_r($tg->getWebhookInfo());

Gives an error in response:
SSL error {336134278, error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed}

I'm working with SSL for the first time ...
Tell me the right direction)

Answer the question

In order to leave comments, you need to log in

3 answer(s)
K
Konstantin, 2020-10-13
@VolkerRus

I'll add info for those who don't know.
Now Telegram already accepts self-signed certificates from Let's encrypt, it is enough to install the certificate on the server, in the case of nginx:
listen 443 ssl;
ssl on;
ssl_certificate /etc/letsencrypt/live/domain/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/domain/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/domain/fullchain.pem;
and send fullchain.pem to telegram with the command:
curl -F "url= https://domains/ webhook address" -F "certificate=fullchain.pem" " https://api.telegram.org/botTOKEN/setwebhook "

A
Alexander Urich, 2016-12-08
@Urichalex

I'll answer myself)
For some reason, Telegram did not want to accept a certificate from Let's encrypt.
I ordered a certificate in the register - I accepted it without problems.
Same self-signed accepted

A
araqel, 2021-03-11
@araqel

Please, advise what needs to be done to get the same on the client on SIM800H SIMCOM, behind which stands ESP32. The certificate download is shown here: https://github.com/vshymanskyy/TinyGSM/tree/master...

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question