Telegram webhook: why do I get the ssl3_get_server_certificate:certificate verify failed error when calling the GetWebhookInfo API command?

Updated: 2022-10-16 14:13:16

Server: Win Server 2012
Web server: IIS 8.5
Project: Asp.Net MVC

I bought a wildcard SSL certificate for my domain and its subdomains, installed it on my server and bound it to the website (in IIS).

It shows a green secure HTTPS in the browser.

I used Telegram SetWebhook with my webhook URL (something like this: https://webhook.example.com/api/WebhookAction/)

But when I run Telegram GetWebhookInfo, it returns a certificate verify failed error:

{  
   "ok":true,
   "result":{  
      "url":"https://webhook.example.com/api/WebhookAction/",
      "has_custom_certificate":false,
      "pending_update_count":1,
      "last_error_date":1489066503,
      "last_error_message":"SSL error {336134278, error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed}",
      "max_connections":40
   }
}

What do you think about this problem?

  • Should I change the webhook URL to a non-subdomain address like this: https://mydomain:8443/api/WebhookAction ?
  • Does my SSL have any problem (for example, should it be a non-wildcard SSL)?

Edit

Also I tried:

Self-signed certificate way

A) I created a self-signed certificate with the following OpenSSL command instead of the wildcard SSL:

openssl req -newkey rsa:2048 -sha256 -nodes -keyout MyDomain_private_key.key -x509 -days 365 -out MyDomain_public.pem -subj "/C=US/ST=New York/L=MyDomain/O=MyDomain/CN=webhook.example.com"

B) Then I created a PFX from the output files with this command (the key file name matches the -keyout name from step A):

openssl pkcs12 -export -out MyDomain.pfx -inkey MyDomain_private_key.key -in MyDomain_public.pem -certfile MyDomain_public.pem

C) Then I installed the MyDomain.pfx on the server and bound it to https://webhook.mydomain.com.

D) Also I used the MyDomain_public.pem file in the SetWebhook command as the certificate file (with both a third-party library and the curl command).

The curl command (the @ prefix makes curl upload the file contents rather than the path string):

curl -F "url=https://webhook.example.com/api/Webhookaction/" -F "certificate=@C:\path\mydomain_public.pem" https://api.telegram.org/bot[TOKEN]/setWebhook

But when I call the GetWebhookInfo API command, it returns this error:

{  
   "ok":true,
   "result":{  
      "url":"https://api.telegram.org/bot[token]/setWebhook?url=https://webhook.mydomain.com/api/webhookaction/",
      "has_custom_certificate":true,
      "pending_update_count":1,
      "last_error_date":1489126755,
      "last_error_message":"SSL error {336134278, error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed}",
      "max_connections":40
   }
}

What is my mistake?

You are not allowed to use wildcard certificates.

https://core.telegram.org/bots/webhooks#the-short-version

  1. Provides a supported, non-wildcard, verified or self-signed certificate.
  2. Uses a CN or SAN that matches the domain you’ve supplied on setup.
  3. Supplies all intermediate certificates to complete a verification chain.
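As an added example (not part of the question or the answer above), the script below turns the three rules into a local check you can run before calling SetWebhook. It generates a self-signed certificate that carries the webhook host in both the CN and a SAN (the question's openssl command set only a CN), then checks any certificate file for a wildcard name, for a CN/SAN match against the webhook host, and for a verifiable chain with openssl. The host names, file names and the temporary directory are assumptions for the demo; only openssl is required.

```shell
#!/bin/sh
# Added example, not code from the original post. Requires openssl 1.1.1+
# (for -addext and -ext). All names below are constructed for the demo.
set -u

WORK="${TMPDIR:-/tmp}/tg-webhook-demo.$$"
mkdir -p "$WORK"

# Rules 1 and 2: self-signed, non-wildcard, CN *and* SAN set to the webhook host.
# Verifiers match the SAN first and only fall back to the CN when no SAN exists.
make_selfsigned_cert() {
    host="$1"; key="$2"; cert="$3"
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 365 \
        -keyout "$key" -out "$cert" \
        -subj "/CN=$host" \
        -addext "subjectAltName=DNS:$host" >/dev/null 2>&1
}

# Returns 0 when the certificate file $2 is acceptable for webhook host $1,
# 1 otherwise, printing the first rule that failed. $3 is an optional bundle
# of the root plus intermediates; it defaults to the certificate itself,
# which is what a self-signed certificate verifies against.
check_webhook_cert() {
    host="$1"; cert="$2"; ca="${3:-$2}"
    names=$(openssl x509 -in "$cert" -noout -subject -ext subjectAltName 2>/dev/null)

    # Rule 1: no wildcard anywhere in the CN or the SAN list.
    if printf '%s\n' "$names" | grep -q '\*'; then
        echo "FAIL: wildcard name in certificate"; return 1
    fi
    # Rule 2: the CN/SAN must match the host given to setWebhook.
    # -checkhost prints "does match" or "does NOT match".
    if ! openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q 'does match'; then
        echo "FAIL: certificate does not match $host"; return 1
    fi
    # Rule 3: the chain must verify; intermediates go into the bundle in $ca.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: chain does not verify against $ca"; return 1
    fi
    echo "OK: $cert is acceptable for $host"
}

# Demo: a correct self-signed certificate passes, a wildcard one is rejected.
make_selfsigned_cert webhook.example.com "$WORK/good.key" "$WORK/good.pem"
check_webhook_cert webhook.example.com "$WORK/good.pem"
make_selfsigned_cert '*.example.com' "$WORK/wild.key" "$WORK/wild.pem"
check_webhook_cert webhook.example.com "$WORK/wild.pem"
```

For a CA-issued certificate, pass the CA's root-plus-intermediate bundle as the third argument; if that verification fails locally, Telegram's servers will fail the same way, which is the situation rule 3 describes. When the check passes, upload the public certificate file with curl's `-F "certificate=@/path/to/cert.pem"` form, where the `@` tells curl to send the file contents.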