Self Signed Certificate
# Self-signed certificate tips
A self-signed certificate lets you handle Telegram webhook updates without a third-party certification authority.
As explained in the official Telegram documentation, you have to generate your certificate with the following command:
```
openssl req -newkey rsa:2048 -sha256 -nodes -keyout YOURPRIVATE.key -x509 -days 365 -out YOURPUBLIC.pem -subj "/C=US/ST=New York/L=Brooklyn/O=Example Brooklyn Company/CN=YOURDOMAIN.EXAMPLE"
```
Please note that you must provide the address of your domain in the CN field.
If you don't have a domain, you must provide the IP address of your server.
After generating the certificate, you have to set up your server properly to handle HTTPS connections.
Here are some useful guides:
- Apache
- [Nginx](https://www.digitalocean.com/community/tutorials/how-to-create-an-ssl-certificate-on-nginx-for-ubuntu-14-04)
Now you can set your webhook: edit the hook.php file and fill in all the missing fields:
- api_key
- bot_name
- https://webhook_link
- path_to_the_certificate/YOURPUBLIC.pem
```php
<?php
// Load composer
require __DIR__ . '/vendor/autoload.php';

$API_KEY = 'your_bot_api_key';
$BOT_NAME = 'namebot';
$hook_url = 'https://yourdomain/path/to/hook.php';

try {
    // Create Telegram API object
    $telegram = new Longman\TelegramBot\Telegram($API_KEY, $BOT_NAME);

    // Set webhook
    $result = $telegram->setWebHook($hook_url, 'path_to_the_certificate/YOURPUBLIC.pem');
    if ($result->isOk()) {
        echo $result->getDescription();
    }
} catch (Longman\TelegramBot\Exception\TelegramException $e) {
    echo $e;
}
```
If the request succeeds, a message like `Webhook was set!` will be shown.
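A pre-flight check that could run in hook.php before the setWebHook call above, as an added example (not code from php-telegram-bot or the Telegram documentation): it verifies that the PEM carries no private key, that its CN matches the webhook host, and that it is within its validity period. The helper name `checkWebhookCertificate` and the host `bot.example.test` are assumptions; the sample certificate is constructed in memory.

```php
<?php
// Added example, not part of php-telegram-bot. checkWebhookCertificate() is a
// hypothetical helper; it returns a list of problems (empty when all checks pass).
function checkWebhookCertificate(string $hookUrl, string $pem, ?int $now = null): array
{
    $now = $now ?? time();
    $problems = [];
    if (parse_url($hookUrl, PHP_URL_SCHEME) !== 'https') {
        $problems[] = 'webhook URL is not https';
    }
    // Only the public certificate goes to Telegram; the key stays on the server.
    if (strpos($pem, 'PRIVATE KEY') !== false) {
        $problems[] = 'PEM contains a private key';
    }
    $info = openssl_x509_parse($pem);
    if ($info === false) {
        $problems[] = 'PEM holds no parsable X.509 certificate';
        return $problems;
    }
    // The CN must equal the webhook host (domain name or IP address).
    $host = (string) parse_url($hookUrl, PHP_URL_HOST);
    $cn = $info['subject']['CN'] ?? '';
    if (!is_string($cn) || strcasecmp($cn, $host) !== 0) {
        $problems[] = 'certificate CN does not match webhook host ' . $host;
    }
    if ($now < $info['validFrom_time_t'] || $now > $info['validTo_time_t']) {
        $problems[] = 'certificate is expired or not yet valid';
    }
    return $problems;
}

// Constructed sample: a throwaway self-signed certificate for CN=bot.example.test.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$csr = openssl_csr_new(['commonName' => 'bot.example.test'], $key, ['digest_alg' => 'sha256']);
$cert = openssl_csr_sign($csr, null, $key, 365, ['digest_alg' => 'sha256']);
openssl_x509_export($cert, $certPem);
openssl_pkey_export($key, $keyPem);

// Case 1: certificate only, URL host equal to the CN.
var_dump(checkWebhookCertificate('https://bot.example.test/hook.php', $certPem));
// Case 2: key and certificate bundled in one file, URL host different from the CN.
var_dump(checkWebhookCertificate('https://other.example.test/hook.php', $keyPem . $certPem));
```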
If you don't want to create your own certificate, you can use Let's Encrypt.
Let's Encrypt is a free, automated and open Certificate Authority.
Here's a useful link.
- Check the address of your certificate carefully: open it in your browser and check that SSL works.
- Test your SSL setup with https://www.ssllabs.com/ssltest/analyze.html, and tune your server's SSL ciphers to get the best rating you can.
- Enable your server's request log so you can see whether Telegram is reaching it.
- Take a look at this issue