Telegram bot failing due to SSL certificate verification issue

Hey everyone, I’m having trouble with my Telegram bot. It’s not working because of an SSL certificate problem.

I’m using a free SSL from Let’s Encrypt. I checked my site on some SSL checkers, and it mostly passed. The only issue was something about the certificate chain being incomplete.

I tried setting up a webhook using Telegram’s sample bot code. When I check the webhook info, I get an error message about the SSL certificate not being verified.

Here’s what the webhook info looks like:

{
  "ok": true,
  "result": {
    "url": "https://mywebsite.com/bot/webhook.php",
    "has_custom_certificate": false,
    "pending_update_count": 15,
    "last_error_date": 1621140994,
    "last_error_message": "SSL error {337047686, error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed}",
    "max_connections": 40
  }
}

The bot isn’t working at all. Any ideas on how to fix this SSL issue? I thought Telegram was okay with self-signed certificates, so I’m not sure what’s going wrong here. Thanks for any help!

I’ve encountered similar SSL issues with Telegram bots before. The problem likely stems from an incomplete certificate chain, as you mentioned. To resolve this, you need to ensure your server is presenting the full certificate chain to clients.

Check your web server configuration (Apache, Nginx, etc.) and make sure it’s configured to serve the entire certificate chain, including any intermediate certificates. Often, you need to concatenate your server certificate with the intermediate certificates in the correct order.

If you’re using Let’s Encrypt, try using their fullchain.pem file instead of just the cert.pem. This file includes the necessary intermediate certificates.

Also, double-check that your server’s time is synchronized correctly, as certificate validation can fail if the server time is off.

If these steps don’t resolve the issue, you might want to consider using a different SSL provider or opting for a paid certificate to ensure full compatibility with Telegram’s requirements.

Yo, had the same prob with my bot. Try this: grab the fullchain.pem from Let’s Encrypt instead of just cert.pem. That fixed it for me. Also, make sure your server time is right. If that doesn’t work, maybe try a different SSL provider? Good luck man

I’ve dealt with this exact issue before, and it can be frustrating. One thing that worked for me was manually verifying the certificate chain using OpenSSL. Run ‘openssl s_client -connect yoursite.com:443 -servername yoursite.com’ and check the output. If you see ‘Verify return code: 0 (ok)’, your chain is complete. If not, you’ll need to fix it.

Another thing to try is regenerating your Let’s Encrypt cert using the '--force-renewal' flag with certbot. Sometimes this resolves chain issues.

If all else fails, consider switching to a different CA like ZeroSSL. They offer free certs too, and I’ve found them more reliable with Telegram bots.

Remember, Telegram is picky about SSL. Even small issues can cause problems. Keep at it, and you’ll get it sorted!