Setting up webhook for Telegram bot with SSL certificate issues

I need help configuring a webhook for my Telegram bot. I’m getting SSL certificate verification errors when trying to connect.

My setup includes a Windows Server 2019 machine on Azure with IIS running. The server has a custom domain and uses a self-signed SSL certificate. I built a REST API using C# .NET Core and it works fine when I test it locally with tools like Insomnia.

When I check the webhook status using the Telegram API, I get this response:

{
    "ok": true,
    "result": {
        "url": "https://mydomain.com:443/api/webhook",
        "has_custom_certificate": true,
        "pending_update_count": 23,
        "last_error_date": 1523561516,
        "last_error_message": "SSL error {337047686, error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed}",
        "max_connections": 100
    }
}

I think the self-signed certificate is causing the problem but I’m not sure how to fix it. Has anyone dealt with similar SSL verification issues when setting up Telegram webhooks?

The self-signed certificate is your problem. Telegram’s webhook system needs proper SSL validation and won’t accept self-signed certs for security reasons. I faced the same issue two years ago when I deployed my first bot on a cheap VPS.

You have two options. First, acquire a proper SSL certificate from a trusted CA like Let’s Encrypt – it’s free and works well with Telegram webhooks. Since you’re on Azure, you can also use Azure’s managed certificates if your domain’s configured through their DNS.

Alternatively, you can upload your self-signed cert directly to Telegram when setting the webhook using the certificate parameter in the setWebhook API call. However, this method is more complex and I wouldn’t recommend it for production. Given that you’re already using Azure, I would suggest going with Let’s Encrypt or Azure managed certificates. The setup is straightforward and eliminates these validation issues.

Hit this same SSL error when I moved my bot from polling to webhooks last year. Your self-signed certificate is the problem, but there’s something else nobody mentioned yet. You’re on Azure with IIS, so grab Azure App Service certificates or set up Let’s Encrypt with the IIS Crypto plugin. Before you swap certificates though, clear those 23 pending updates first - call getUpdates or flip back to polling temporarily. Here’s what got me: even after I installed a proper certificate, I still had problems because my webhook URL wasn’t consistently returning 200 status codes. Check that your C# controller sends proper HTTP responses for both GET and POST requests to the webhook endpoint. Telegram randomly sends GET requests to verify the endpoint’s alive. The certificate verification error goes away once you’ve got a properly signed certificate, but make sure your Azure DNS domain config matches exactly what you’re using in the webhook URL.

Had the same headache with my Azure bot deployment last month. Check your IIS bindings - I wasted hours because port 443 wasn’t bound to my site with the SSL cert. Also make sure your .NET Core app is listening on the right port and path for your webhook URL. Windows Firewall got me too - it was blocking port 443 even though IIS looked fine. You need an inbound rule for HTTPS traffic. Since your API works locally with Insomnia, it’s definitely the SSL handshake between Telegram and your server. Fix the certificate first, but don’t skip these server config details - they cause the same symptoms.

Yeah, I had the same issue too. Self-signed certs just won’t cut it for Telegram’s webhook. Definitely go for a free Let’s Encrypt cert with certbot, it’s super easy and you’ll be set in no time!
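Added example, not written by anyone in this thread: a Python triage of the getWebhookInfo response quoted in the question. It decodes the packed OpenSSL error code and the error timestamp. It assumes the OpenSSL 1.1.x error layout, and the function names are hypothetical.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample: the getWebhookInfo response quoted in the question.
SAMPLE = """{"ok": true, "result": {
  "url": "https://mydomain.com:443/api/webhook",
  "has_custom_certificate": true,
  "pending_update_count": 23,
  "last_error_date": 1523561516,
  "last_error_message": "SSL error {337047686, error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed}",
  "max_connections": 100}}"""

# Assumption: OpenSSL 1.1.x error packing, lib(8 bits) | func(12) | reason(12).
ERR_LIB_SSL = 20
SSL_R_CERTIFICATE_VERIFY_FAILED = 134
ERR_RE = re.compile(r"SSL error \{(\d+), error:([0-9A-Fa-f]{8}):")


def decode_openssl_error(message):
    """Split the packed error code in last_error_message into its fields."""
    m = ERR_RE.search(message or "")
    if not m or int(m.group(1)) != int(m.group(2), 16):
        return None  # absent, or decimal and hex forms disagree
    code = int(m.group(1))
    return {"lib": (code >> 24) & 0xFF, "func": (code >> 12) & 0xFFF, "reason": code & 0xFFF}


def triage(raw):
    """Summarise what a getWebhookInfo response says about TLS delivery."""
    info = json.loads(raw)["result"]
    ts = info.get("last_error_date")
    err = decode_openssl_error(info.get("last_error_message"))
    findings = []
    if err and (err["lib"], err["reason"]) == (ERR_LIB_SSL, SSL_R_CERTIFICATE_VERIFY_FAILED):
        findings.append("certificate verify failed")
        if info.get("has_custom_certificate"):
            # A certificate was passed to setWebhook, yet verification failed:
            # compare it with the certificate the server actually presents.
            findings.append("custom certificate on file but served certificate rejected")
    if info.get("pending_update_count"):
        findings.append(f"{info['pending_update_count']} updates queued")
    return {
        "last_error_utc": datetime.fromtimestamp(ts, tz=timezone.utc).isoformat() if ts else None,
        "openssl": err,
        "findings": findings,
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```

The decoded timestamp shows how old the recorded error is, which helps tell a stale failure from one that persists after a certificate change.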