Telegram gem and self-signed certificate
If you set a webhook with a self-signed certificate and updates never reach your server, this article may help you.
To work with Telegram bots I use the telegram-bot-ruby gem.
Here are my rake tasks:
desc 'create ssl'
task create_ssl: :environment do
  # -x509 emits a self-signed certificate instead of a signing request.
  # -nodes leaves the private key unencrypted in telegram.key.
  # The CN is taken from CERT_HOST.
  cmd = "openssl req \
    -newkey rsa:2048 \
    -sha256 \
    -nodes \
    -keyout %{file_name_key} \
    -x509 \
    -days 365 \
    -out %{file_name_pem} \
    -subj \"/C=%{C}/ST=%{ST}/L=%{L}/O=%{O}/CN=%{host}\"
  " %
  {
    :file_name_key => 'telegram.key',
    :file_name_pem => 'telegram.pem',
    :C => "IT",
    :ST => "state",
    :L => "location",
    :O => "description",
    :host => ENV["CERT_HOST"]
  }
  # exec replaces the rake process with openssl.
  exec cmd
end

desc "set webhook"
task set_webhook: :environment do
  Telegram::Bot::Client.run(TELEGRAM_TOKEN) do |bot|
    hook_url = ENV["BOT_HOST"] + "/webhooks/telegram"
    puts "Setting webhook url: #{hook_url}"
    # Passes the public certificate (telegram.pem) along with the webhook URL.
    resp = bot.api.set_webhook url: hook_url, certificate: File.open('telegram.pem')
    puts resp.inspect
  end
end
After creating the self-signed certificate and then setting the webhook, I ended up in a situation where I didn’t get updates from Telegram. I looked at the nginx logs and saw the following lines:
SSL_do_handshake() failed (SSL: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:SSL alert number 48) while SSL handshaking
After days of googling I managed to figure it out. It turned out that
bot.api.set_webhook url: hook_url, certificate: File.open('telegram.pem')
didn’t do the job. It didn’t upload the certificate.
Solution
I used a curl command:
curl -F "url=https://<HOSTNAME>/webhooks/telegram" -F "certificate=@<FULL_PATH_TO_CERT.pem>" https://api.telegram.org/bot<BOT_TOKEN>/setWebhook
After this everything started working properly.
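Whether Telegram actually stored the certificate can be checked with the Bot API's getWebhookInfo method instead of waiting for handshake errors in the nginx log. The following is an added example, not code from the original post or from the telegram-bot-ruby gem; the names webhook_problems, fetch_webhook_info and SAMPLE_WEBHOOK_INFO, the host bot.example.org and the sample reply are constructed for illustration.

```ruby
require 'json'
require 'net/http'
require 'time'

# Constructed sample of a getWebhookInfo reply (not captured from a real bot):
# the URL is registered, but Telegram holds no custom certificate for it.
SAMPLE_WEBHOOK_INFO = <<~REPLY
  {"ok": true, "result": {
    "url": "https://bot.example.org/webhooks/telegram",
    "has_custom_certificate": false,
    "pending_update_count": 7,
    "last_error_date": 1700000000,
    "last_error_message": "SSL error: certificate verify failed"}}
REPLY

# Fetches the raw getWebhookInfo reply. The token is part of the URL, so do
# not log the URI. Not called here; the sample above keeps the example offline.
def fetch_webhook_info(token)
  Net::HTTP.get(URI("https://api.telegram.org/bot#{token}/getWebhookInfo"))
end

# Returns a list of problems found in a getWebhookInfo reply; an empty list
# means the registration is consistent with a self-signed webhook.
def webhook_problems(body, expected_url:)
  reply = JSON.parse(body)
  return ["API call failed: #{reply['description']}"] unless reply['ok']

  info = reply.fetch('result')
  url = info['url'].to_s
  problems = []
  if url.empty?
    problems << 'no webhook URL is registered'
  elsif url != expected_url
    problems << "registered URL is #{url}, expected #{expected_url}"
  end
  unless info['has_custom_certificate']
    problems << 'no custom certificate stored, so the self-signed certificate was not uploaded'
  end
  if info['last_error_message']
    at = Time.at(info['last_error_date'].to_i).utc.iso8601
    pending = info['pending_update_count'].to_i
    problems << "delivery failed at #{at}: #{info['last_error_message']} (#{pending} updates pending)"
  end
  problems
end

puts webhook_problems(SAMPLE_WEBHOOK_INFO,
                      expected_url: 'https://bot.example.org/webhooks/telegram')
```

Running the check right after the set_webhook task or the curl call shows whether has_custom_certificate flipped to true.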