Telegram messenger recently released an API that lets you easily create bots for their platform. After deciding to have a bit of a play with it, I found that I had an issue where the webhooks would not send any updates to my server with no apparent error.
The Problem
I made all the following checks:
- Valid SSL certificate
- Webhook successfully registered using the Telegram setWebhook method
- The method responded properly when I sent a test request using a REST service tester
- Server access logs – look like Telegram had never even hit the server
The Solution
After a full day of searching, testing and bashing my head against the keyboard, I found this thread on Reddit, where the user described a problem where a full chained certificate was required on the server, not just the server certificate.
To create chained certificate you’ll need to have a look at what instructions your certificate issuer provides.
In my case the certificate being used was a Comodo PositiveSSL, for which I downloaded all the certificates that they sent, which contained:
- Root CA Certificate – AddTrustExternalCARoot.crt
- Intermediate CA Certificate – COMODORSAAddTrustCA.crt
- Intermediate CA Certificate – COMODORSADomainValidationSecureServerCA.crt
- Your PositiveSSL Certificate – my_domain.crt
I had to combine them all into a file in the following order:
- my_domain.crt
- COMODORSADomainValidationSecureServerCA.crt
- COMODORSAAddTrustCA.crt
- AddTrustExternalCARoot.crt
For the example above the command would have been:
cat my_domain.crt COMODORSADomainValidationSecureServerCA.crt AddTrustExternalCARoot.crt COMODORSAAddTrustCA.crt > bundle.crt
After that it was just a case of uploading the new bundle.crt to my server, updating the nginx config, and hey presto, within minutes I was receiving all the responses for my webhooks