I use a server with ISPmanager 5.8, OS Ubuntu Server 16.04. Port 443 is open and reachable from the outside. I generate the key with the following command:

openssl req -newkey rsa:2048 -sha256 -nodes -keyout tele.key -x509 -days 365 -out tele.pem -subj "/C=RU/ST=Krasnodar Krai/L=Tuapse/O=telegram/CN=tele.zhirov.su"

Next, in Sublime I open tele.key and tele.pem and copy the code into ISPmanager when creating the certificate.

I attach this certificate to the site's domain name - everything is successful. The browser sees the certificate.

Then I send the tele.pem key to Telegram:

<form action="https://api.telegram.org/botТОКЕНБОТА/setwebhook" enctype="multipart/form-data">
  <input type="hidden" name="url" value="https://tele.zhirov.su/bot.php">
  <input type="file" name="certificate">
  <input type="submit" value="Отправить данные">
</form>

The response is:

{"ok": true, "result": true, "description": "Webhook was set"}

I check with the command getWebhookInfo, I get this output:

{"ok": true, "result": {"url": "https://tele.zhirov.su/bot.php", "has_custom_certificate": false, "pending_update_count": 0, "last_error_date": 1485273410, "last_error_message": "SSL error {336134278, error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed}", "max_connections": 40}}

I also tried to send such a command through the terminal:

 curl -F "url=https://tele.zhirov.su/bot.php" -F "certificate=tele.pem" "https://api.telegram.org/botТОКЕНБОТА/setwebhook" 

I don't know what to do ... Am I adding or sending the certificate incorrectly?

    2 answers

    Telegram has added support for self-signed certificates. Cool. Previously, there was no such luxury. I did it with a free Let's Encrypt certificate, which, by the way, works fine in browsers, unlike self-signed ones.

    https://habrahabr.ru/post/270273/

    UPDATED: this should work

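     // Build Guzzle request options: multipart if any value is a stream
     // resource (a file upload), plain form parameters otherwise.
     function requestParams(array $data)
     {
         $has_resource = false;
         $multipart = [];
         // Nested arrays are sent JSON-encoded.
         array_walk($data, function (&$item) {
             is_array($item) && $item = json_encode($item);
         });
         foreach ($data as $key => $item) {
             $has_resource |= is_resource($item);
             $multipart[] = [
                 'name' => $key,
                 'contents' => $item,
             ];
         }
         if ($has_resource) {
             return [
                 'multipart' => $multipart,
             ];
         }
         return [
             'form_params' => $data,
         ];
     }

     $file = '/home/test/certificate.pem';
     $data = [
         'url' => 'https://tele.zhirov.su/bot.php',
         // Passing an open file handle makes Guzzle upload the file contents.
         'certificate' => fopen($file, 'r'),
     ];
     // $client is assumed to be created elsewhere with the Telegram API as its
     // base URI; $APIKEY holds the bot token.
     /** @var \GuzzleHttp\Client $client */
     $response = $client->post("/bot{$APIKEY}/setWebhook", requestParams($data));
     $result = (string)$response->getBody();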
    • Yes, I know about Let's Encrypt. But I cannot register new ones; I already have a limit on the domain. - azhirov1991
    • @azhirov1991 if memory serves, there are only time limits, and they are quite acceptable; in addition, you can specify an alternative name there, and it will be treated as a separate domain - etki
    • Well, I just tried to send a request, and it still complains about the limit. - azhirov1991

    Problem solved!

    The problem was that I did not include the @ sign when sending the certificate:

     -F "certificate=tele.pem" 

    It should have been:

     -F "certificate=@tele.pem" 

    Be careful!)
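
Added example (not part of the original question or answers): shell helpers that build the `-F "certificate=@..."` argument only for a file that holds a PEM certificate and no private key, and that read `has_custom_certificate` and `last_error_message` back from a getWebhookInfo response. The function names are hypothetical and the sample responses are constructed, modelled on the output shown in the question.

```sh
#!/bin/sh
# Added example; helper names are hypothetical, sample data is constructed.

# Print the curl -F argument for the certificate field, or fail:
#   1 = file missing, 2 = no PEM certificate, 3 = private key present.
cert_form_arg() {
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 1; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" ||
        { echo "not a PEM certificate: $1" >&2; return 2; }
    if grep -q 'PRIVATE KEY-----' "$1"; then
        echo "refusing to upload a private key: $1" >&2
        return 3
    fi
    # The leading @ makes curl upload the file contents; without it the
    # literal string "tele.pem" is sent as the field value.
    printf 'certificate=@%s\n' "$1"
}

# Succeed only if a getWebhookInfo response reports a stored certificate.
webhook_has_custom_cert() {
    printf '%s' "$1" |
        grep -Eq '"has_custom_certificate"[[:space:]]*:[[:space:]]*true'
}

# Print last_error_message from a getWebhookInfo response (empty if none).
webhook_last_error() {
    printf '%s' "$1" |
        sed -n 's/.*"last_error_message"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Constructed responses, modelled on the output shown in the question.
SAMPLE_NO_CERT='{"ok":true,"result":{"url":"https://tele.zhirov.su/bot.php","has_custom_certificate":false,"pending_update_count":0,"last_error_message":"SSL error {336134278, error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed}","max_connections":40}}'
SAMPLE_WITH_CERT='{"ok":true,"result":{"url":"https://tele.zhirov.su/bot.php","has_custom_certificate":true,"pending_update_count":0,"max_connections":40}}'

# Usage (TOKEN is a placeholder):
#   arg=$(cert_form_arg tele.pem) &&
#   curl -F "url=https://tele.zhirov.su/bot.php" -F "$arg" \
#        "https://api.telegram.org/bot$TOKEN/setWebhook"
```

A "Webhook was set" reply alone does not show that the certificate was stored, so the check on `has_custom_certificate` is the one that catches the missing `@`.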