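This article describes how to resolve the Telegram bot SSL error: SSL error {error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed}. It may be a useful reference for anyone solving the same problem.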

Problem description

I use Let's Encrypt free SSL (my host provider supports it by default). I checked my site at sslshopper.com (the only warning was: "The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. The fastest way to fix this problem is to contact your SSL provider.") and at https://www.geocerts.com/ssl_checker; the result was that my site passed all tests except Certificate Chain Complete. So I don't think the problem is from the certificate; Telegram accepts self-signed certificates, as far as I know.

I've tried to use the Telegram sample bot at https://core.telegram.org/bots/samples/hellobot. After I set the webhook URL, I checked my bot at https://api.telegram.org/bot[my-token]/getWebhookinfo

The result was:

{ "ok": true, "result": { "url": "https://itest.gigfa.com/tlg1/tlg1.php", "has_custom_certificate": false, "pending_update_count": 17, "last_error_date": 1521140994, "last_error_message": "SSL error {337047686, error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed}", "max_connections": 40 }}

and the bot doesn't work at all.

Recommended answer

Yes, the problem is with your certificate.

The error in your getWebHookInfo:

"last_error_message":"SSL error {337047686, error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed}"

is Telegram saying that it needs the whole certificate chain (it's also called a CA bundle or full chained certificate).

You can use the SSL Labs SSL Server Test service to check your certificate:

Just pass your URL like the following example, replacing valde.ci with your host:

https://www.ssllabs.com/ssltest/analyze.html?d=valde.ci&hideResults=on&latest

If you see "Chain issues: Incomplete" you do not serve a full chained certificate.

Download the full chained certificate from your SSL certificate provider and install it on your web server.

I don't know which service you are using, but for my example with gunicorn I solved it by adding ca-certs (http://docs.gunicorn.org/en/stable/settings.html#ca-certs) with the ca-bundle file sent by my SSL certificate provider (in my case Namecheap Comodo) to my SSL configuration, like the following example:

ca_certs = "cert/my-service.ca-bundle"

For further information: @martini answer on this thread and the FIX: Telegram Webhooks Not Working post.

05-23 21:39