SSL Certificate Issues with Telegram Bot Webhook Setup

I’m having trouble setting up a Telegram bot with SSL certificates. I followed these steps but I’m getting SSL errors.

First, I obtained my bot token from BotFather. Then I created a self-signed certificate using this command:

openssl req -newkey rsa:2048 -sha256 -nodes -keyout private.key -x509 -days 365 -out public.pem -subj "/C=US/ST=California/L=San Francisco/O=MyCompany/CN=mydomain.example"

After that, I started the SSL server:

openssl s_server -accept 443 -key private.key -cert public.pem

Next, I set up the webhook:

curl -F "url=https://myserver:443/webhook" -F "certificate=@public.pem" https://api.telegram.org/botMYTOKEN/setWebhook

The response was successful: {"ok":true,"result":true,"description":"Webhook was set"}.

However, when Telegram tries to connect to my server, I receive this SSL error:

140234567890123:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1257:SSL alert number 46

When I test with openssl s_client -connect myserver:443, it works fine.

How can I simulate the Telegram client connection to debug this? Using -cert public.pem with s_client doesn’t help. What is the correct way to resolve this SSL issue and receive webhook data?

Had this exact issue last month. Telegram validates certificates differently than regular SSL clients. Your self-signed cert works with openssl s_client because it doesn’t do the same validation checks Telegram does. The error usually means Telegram can’t verify your certificate chain. If you’re using an IP instead of a domain name, try generating your certificate with the IP address in the SAN field. Also make sure your server’s actually responding on port 443 from the internet, not just locally. Testing with curl from an external server helped me catch connectivity issues that weren’t obvious with local testing.

telegram’s picky about ssl certs. add -servername mydomain.example when testing with s_client so it matches your cert’s cn. your webhook url domain needs to match exactly what’s in the certificate subject name or telegram will reject it.
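
The check both replies describe (the webhook URL host must be one of the names in the certificate, and an IP host needs a SAN entry), as an added example that is not part of the original thread. It reads text in the shape printed by openssl x509 -noout -subject -ext subjectAltName; the sample outputs are constructed, the function names are hypothetical, and the matching rule (SAN entries first, CN only when no SAN is present) is an assumption, not Telegram's documented validation logic.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: text in the shape printed by
#   openssl x509 -in public.pem -noout -subject -ext subjectAltName
# for the certificate from the question (it has no SAN extension).
QUESTION_CERT = ("subject=C = US, ST = California, L = San Francisco, "
                 "O = MyCompany, CN = mydomain.example\n")

# Constructed sample: a certificate that carries DNS and IP SAN entries.
SAN_CERT = """subject=CN = mydomain.example
X509v3 Subject Alternative Name:
    DNS:mydomain.example, IP Address:203.0.113.10
"""

def cert_names(openssl_text):
    """Return (dns_names, ip_addresses) named by the certificate text."""
    dns = [d.lower() for d in re.findall(r"DNS:([^,\s]+)", openssl_text)]
    ips = [ipaddress.ip_address(i)
           for i in re.findall(r"IP Address:([^,\s]+)", openssl_text)]
    if not dns and not ips:
        # Assumption: fall back to the subject CN only when there is no SAN.
        m = re.search(r"CN\s*=\s*([^,/\n]+)", openssl_text)
        if m:
            dns.append(m.group(1).strip().lower())
    return dns, ips

def webhook_host_problem(webhook_url, openssl_text):
    """Return None if the URL host is named by the certificate, else a reason."""
    parts = urlsplit(webhook_url)
    if parts.scheme != "https" or not parts.hostname:
        return "webhook URL must be https and contain a host"
    host = parts.hostname.lower()
    dns, ips = cert_names(openssl_text)
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if addr is not None:
        # An IP host is accepted only through an IP SAN entry.
        return None if addr in ips else f"IP {host} is not in the certificate SAN"
    for name in dns:
        # Exact match, or a wildcard covering exactly the leftmost label.
        if name == host or (name.startswith("*.") and "." in host
                            and host.split(".", 1)[1] == name[2:]):
            return None
    return f"host {host} is not among certificate names {dns}"

if __name__ == "__main__":
    print(webhook_host_problem("https://myserver:443/webhook", QUESTION_CERT))
```

Run against the values in the question, it reports that myserver is not named by a certificate issued for mydomain.example.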