
Self Signed Certificate

danforth edited this page May 16, 2018 · 5 revisions

Self-signed certificate tips

A self-signed certificate allows you to handle Telegram webhook updates without a third-party certification authority. As explained in the official Telegram documentation, you can generate your certificate with the following command:

openssl req -newkey rsa:2048 -sha256 -nodes -keyout YOURPRIVATE.key -x509 -days 365 -out YOURPUBLIC.pem -subj "/C=US/ST=New York/L=Brooklyn/O=Example Brooklyn Company/CN=YOURDOMAIN.EXAMPLE"

Please note that you must provide the address of your domain in the CN field.
If you don't have a domain, you must provide the IP address of your server.

Server side

After generating the certificate, you have to configure your server to handle HTTPS connections properly. Here are some useful guides:

Set the Webhook

Now you can set your webhook by editing the set.php file and filling in all the missing fields:

  • API_KEY
  • BOT_NAME
  • $hook_url
  • $cert_pem

Here's an example:

<?php
// Load composer
require __DIR__ . '/vendor/autoload.php';

$API_KEY  = 'your_bot_api_key';
$BOT_NAME = 'namebot';
$hook_url = 'https://yourdomain.example/path/to/hook.php';
$cert_pem = 'path/to/YOURPUBLIC.pem';

try {
    // Create Telegram API object
    $telegram = new Longman\TelegramBot\Telegram($API_KEY, $BOT_NAME);

    // Set webhook
    $result = $telegram->setWebHook($hook_url, array('certificate' => $cert_pem));
    if ($result->isOk()) {
        echo $result->getDescription();
    }
} catch (Longman\TelegramBot\Exception\TelegramException $e) {
    echo $e;
}

Point your browser to the set.php file. If the request succeeded, the message "Webhook was set" is displayed.

Let's Encrypt

If you don't want to create your own certificate, you can use Let's Encrypt. Let's Encrypt is a free, automated and open Certificate Authority.
Here's a useful link explaining how to set up a certificate. Also, take a look at the acme.sh project for a super easy Let's Encrypt client.

Still having problems?

  • Check the CN address of your certificate. Open the hook.php file in your browser and check that SSL works.
  • Test your SSL, and tune your server SSL cipher in order to get the best rating possible. You can find great help here and here.
  • Enable your server request log in order to check if Telegram is reaching it.
  • Take a look at this issue.
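
The CN check from the list above can be run offline before calling set.php. The script below is an added example, not part of the original wiki page or the library; its function names are hypothetical helpers, and it assumes the webhook host is a hostname or IPv4 address. It compares the certificate CN with the host in the hook URL (case-insensitively), checks that the certificate has not expired, and confirms the private key belongs to the certificate.

```shell
#!/bin/sh
# Added example: offline checks for a webhook certificate and its private key.
# All function names here are hypothetical helpers, not part of any library.

lower() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# Print the subject CN of a PEM certificate.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Succeed only if the private key ($2) belongs to the certificate ($1).
key_matches_cert() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
      "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

# usage: check_webhook_cert HOOK_URL CERT_PEM PRIVATE_KEY
# returns 0 ok, 1 CN mismatch, 2 expired, 3 key mismatch, 4 URL is not https
check_webhook_cert() {
    case $1 in https://*) ;; *) echo "hook URL must use https"; return 4 ;; esac
    host=${1#https://}
    host=${host%%[:/]*}            # drop port and path (hostname or IPv4 assumed)
    cn=$(cert_cn "$2")
    if [ "$(lower "$cn")" != "$(lower "$host")" ]; then
        echo "CN '$cn' does not match webhook host '$host'"; return 1
    fi
    if ! openssl x509 -in "$2" -noout -checkend 0 >/dev/null; then
        echo "certificate has expired"; return 2
    fi
    if ! key_matches_cert "$2" "$3"; then
        echo "private key does not belong to this certificate"; return 3
    fi
    echo "OK: CN, validity and key all match"
}

# Run as: sh check_cert.sh https://yourdomain.example/path/to/hook.php YOURPUBLIC.pem YOURPRIVATE.key
if [ "$#" -eq 3 ]; then check_webhook_cert "$@"; fi
```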