DigitalOcean

Report this

What is the reason for this report?
Question

Webhook was not set! Error: 400 Bad Request: bad webhook: Failed to set custom certificate file

Posted on April 22, 2019
Ubuntu 18.04
Apache
PHP
feduzimatteo

By feduzimatteo

Hi, I have to set the webhook of my Telegram bot but when I go to execute the command from the php setHook.php terminal this is what gives me:

Webhook was not set! Error: 400 Bad Request: bad webhook: Failed to set custom certificate file

So I tried to look in the file error.log to see if I could find the problem there:

[Mon Apr 22 06:25:04.889464 2019] [ssl:warn] [pid 25110:tid 139846785301440] AH01906: ec2-18-188-25-109.us-east-2.compute.amazonaws.com:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Mon Apr 22 06:25:04.889716 2019] [ssl:error] [pid 25110:tid 139846785301440] AH02217: ssl_stapling_init_cert: can't retrieve issuer certificate! [subject: emailAddress=feduzimatteo@gmail.com,CN=ec2-18-188-25-109.us-east-2.compute.amazonaws.com,OU=Matteo Feduzi,O=Matteo Feduzi,L=Fermignano,ST=Italia,C=IT / issuer: emailAddress=feduzimatteo@gmail.com,CN=ec2-18-188-25-109.us-east-2.compute.amazonaws.com,OU=Matteo Feduzi,O=Matteo Feduzi,L=Fermignano,ST=Italia,C=IT / serial: B15B0C7C5212BFA0 / notbefore: Apr 21 16:10:39 2019 GMT / notafter: Apr 20 16:10:39 2020 GMT]
[Mon Apr 22 06:25:04.889727 2019] [ssl:error] [pid 25110:tid 139846785301440] AH02604: Unable to configure certificate ec2-18-188-25-109.us-east-2.compute.amazonaws.com:443:0 for stapling
[Mon Apr 22 06:25:04.889794 2019] [mpm_event:notice] [pid 25110:tid 139846785301440] AH00489: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.0g configured -- resuming normal operations
[Mon Apr 22 06:25:04.889800 2019] [core:notice] [pid 25110:tid 139846785301440] AH00094: Command line: '/usr/sbin/apache2'

How can I solve this problem and let my Telegram bot speak correctly with my Amazon EC2 server?

Sincerely, Feduzi Matteo.



This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
Bobby
Bobby
May 15, 2023

Hi there,

Based on the error message you’re seeing, it appears the issue is related to the SSL certificate being used by your server. Telegram requires a valid SSL certificate to set up a webhook.

The error message server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) suggests that the certificate currently being used by your server is a Certificate Authority (CA) certificate, not a server certificate.

The primary role of a CA certificate is to sign other certificates. It’s not intended to be used as a server certificate.

Here are a few steps you can take to resolve this issue:

  1. Check your SSL certificate: You need to make sure that you are using a valid SSL certificate issued by a recognized Certificate Authority. Self-signed certificates won’t work with Telegram.

  2. Check your SSL configuration: Ensure that your SSL certificate is correctly installed and configured on your server. This involves pointing your server configuration to the correct locations of the certificate and private key files.

  3. Use a service like Let’s Encrypt: If you don’t have a valid SSL certificate, you can obtain a free one from Let’s Encrypt, which is recognized by most modern browsers and services, including Telegram:

    https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04

  4. Check your server’s firewall settings: Ensure your server’s firewall is not blocking incoming connections from Telegram. Telegram’s IP addresses can be found in their official documentation.

  5. Check your server’s DNS settings: Ensure your server’s DNS settings are correctly pointing to your server and that the SSL certificate matches the server’s domain name.

Once you have ensured that your SSL certificate is correctly set up, you should be able to set up the webhook without any issues.

Best,

Bobby

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and AI-native businesses

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2026 DigitalOcean, LLC.Sitemap.