Skip to content

telegram bot SSL error: SSL error {error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed}

I use let’s encrypt free SSL (my host provider support it by default), I checked my site at (the only warning was: The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. The fastest way to fix this problem is to contact your SSL provider.) and the result was that my site passed all tests, except Certificate Chain Complete. so i don’t think the problem is from the certificate, telegram accepts self-signed certificate as i know.

I’ve tried to use telegram sample bot at, after I set webhook URL, I checked my bot at[my-token]/getWebhookinfo

the result was:

  "ok": true,
  "result": {
    "url": "",
    "has_custom_certificate": false,
    "pending_update_count": 17,
    "last_error_date": 1521140994,
    "last_error_message": "SSL error {337047686, error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed}",
    "max_connections": 40

and the bot doesn’t work at all.



Yes, the problem is with your certificate.

The error in your getWebHookInfo:

"last_error_message":"SSL error {337047686, error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed}"

Is Telegram saying that it needs the whole certificate chain (it’s also called CA Bundle or full chained certificate).

How to check your certificate:

You can use the SSL Labs SSL Server Test service to check your certificate:

Just pass your URL like the following example, replacing with your host:

If you see “Chain issues: Incomplete” you do not serve a full chained certificate.

How to fix:

Download the full chained certificate for your SSL certificate provider and install this on your webserver.

I don’t know which service you are using, but for my example, with gunicorn I solved adding the ca-certs with ca-bundle file sent by my SSL Certificate provider (In my case Namecheap Comodo) on my SSL configuration, like the following example:

ca_certs = "cert/"

For further information: @martini answer on this thread and the FIX: Telegram Webhooks Not Working post.

10 People found this is helpful