Hey everyone! I’m having a tough time setting up my Telegram bot. I’ve gone through all the steps:
- Got my token from BotFather
- Made a self-signed SSL certificate
- Started the server with OpenSSL
- Set up the webhook
Everything seemed fine until Telegram tried to connect. Now I’m getting this error:
139690177754952:error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate unknown:s3_pkt.c:1257:SSL alert number 46
I can connect to my server just fine using OpenSSL’s s_client, but Telegram’s having issues. Any ideas on how to:
- Make OpenSSL act like Telegram when connecting?
- Fix this certificate problem and get my bot working?
I’m pretty stuck here. Any help would be awesome!
yo, i had similar probs. try usin a proper CA cert instead of self-signed. Let’s Encrypt is free n works great with telegram. also, check ur server time - outta sync clocks can mess things up. if ur still stuck, try nginx as a reverse proxy. it can handle the SSL stuff for ya
Having dealt with Telegram bot SSL issues myself, I can tell you it’s often due to certificate chain problems. Telegram’s servers are quite particular about this. Have you tried using the full certificate chain when setting up your webhook? Sometimes including the intermediate certificates can resolve these ‘unknown certificate’ errors.
Another aspect to consider is the cipher suite compatibility. Telegram might be trying to use a cipher that your server doesn’t support. You could try adjusting your server’s SSL configuration to use more common cipher suites.
If all else fails, consider using a reverse proxy like Nginx. It can handle the SSL termination, allowing you to use a valid certificate from a trusted CA while your bot runs on localhost. This approach has saved me countless headaches in similar situations.
I’ve been through this SSL certificate headache with Telegram bots before. From my experience, the issue often lies with self-signed certificates. Telegram’s servers are pretty strict about certificate validation.
Here’s what worked for me: ditch the self-signed cert and go for a free Let’s Encrypt certificate instead. It’s trusted by most systems, including Telegram. You’ll need a domain name, but there are plenty of cheap options out there.
If you’re adamant about using a self-signed cert, make sure you’re using the correct Common Name (CN) in your certificate. It should match your server’s domain exactly.
Another thing to check: ensure your server’s time is synced correctly. I once spent hours debugging only to realize my server clock was off, causing cert validation issues.
Lastly, double-check your SSL library versions. Outdated OpenSSL can cause weird issues like this. Updating might just solve your problem without much fuss.
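
The local checks suggested in the replies above (name match, validity against the server clock, self-signed versus CA-issued) can be run with OpenSSL before registering the webhook. This is an added example, not code from any post in the thread; the function names `check_cert` and `make_demo_cert` and the host `bot.example.com` are assumptions, and the certificate is a throwaway one constructed for the demo.

```shell
#!/bin/sh
# Added example: pre-flight checks on a webhook certificate using openssl x509.

# check_cert CERT_PEM HOSTNAME
# Prints one line per check; returns 1 if the name or validity check fails.
check_cert() {
    cert="$1"; host="$2"; rc=0

    # 1. Name match: the webhook host must match the certificate
    #    (subjectAltName, or the CN when the certificate has no DNS SAN).
    if openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q "does match"; then
        echo "name: OK ($host)"
    else
        echo "name: MISMATCH ($host is not in the certificate)"; rc=1
    fi

    # 2. Expiry, judged by this machine's clock (-checkend looks at notAfter only).
    if openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "validity: OK"
    else
        echo "validity: EXPIRED (or the local clock is ahead)"; rc=1
    fi

    # 3. Subject equal to issuer means self-issued, which is what
    #    `openssl req -x509` produces; reported, not treated as a failure here.
    subject=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$cert" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    if [ "$subject" = "$issuer" ]; then
        echo "issuer: SELF-SIGNED"
    else
        echo "issuer: $issuer"
    fi
    return $rc
}

# make_demo_cert DIR CN: constructed one-day self-signed certificate for the demo.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo_cert "$demo_dir" bot.example.com
check_cert "$demo_dir/cert.pem" bot.example.com
check_cert "$demo_dir/cert.pem" wrong.example.com || true
```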