Zamad 3.1.x : Telegram bot - not any responce

Hello. Tonight zammad got update, so my version is latest literally (but GUI still shows 3.1.x).
Telegram bot does not work. I did all movements from manual, connect my bot to zammad, got nice green indicator and that is all. When I typing in bot chat /start (enter) bla bla bla (enter), nothing received as ticket. in zammad production log i see only info messages.
My certificate bundle was updated today, https://api.telegram.org are fine.


I, [2019-10-09T00:07:10.027633 #796-47280003983240] INFO – : Started GET “/api/v1/channels_telegram?=1570568801793" for 10.10.3.10 at 2019-10-09 00:07:10 +0300
I, [2019-10-09T00:07:10.035439 #796-47280003983240] INFO – : Processing by ChannelsTelegramController#index as JSON
I, [2019-10-09T00:07:10.035545 #796-47280003983240] INFO – : Parameters: {"
”=>“1570568801793”}
I, [2019-10-09T00:07:10.067842 #796-47280003983240] INFO – : Completed 200 OK in 32ms (Views: 2.7ms | ActiveRecord: 6.2ms)
I, [2019-10-09T00:07:15.774422 #866-70021288195740] INFO – : execute Channel.fetch (try_count 0)…
I, [2019-10-09T00:07:40.617310 #796-47280003981840] INFO – : Started PUT “/api/v1/channels_telegram/5” for 10.10.3.10 at 2019-10-09 00:07:40 +0300
I, [2019-10-09T00:07:40.626045 #796-47280003981840] INFO – : Processing by ChannelsTelegramController#update as JSON
I, [2019-10-09T00:07:40.626221 #796-47280003981840] INFO – : Parameters: {“api_token”=>“TOKEN_DELETED_BUT_IT_WAS_HERE”, “welcome”=>“Hello! Your Killerbo… Sorry, Supportbot online.”, “group_id”=>“1”, “id”=>“5”}
I, [2019-10-09T00:07:42.654289 #796-47280003981840] INFO – : Completed 200 OK in 2028ms (Views: 1.3ms | ActiveRecord: 10.7ms)
I, [2019-10-09T00:07:43.025854 #796-47280003982200] INFO – : Started GET “/api/v1/channels_telegram?=1570568801794" for 10.10.3.10 at 2019-10-09 00:07:43 +0300
I, [2019-10-09T00:07:43.033884 #796-47280003982200] INFO – : Processing by ChannelsTelegramController#index as JSON
I, [2019-10-09T00:07:43.033992 #796-47280003982200] INFO – : Parameters: {"
”=>“1570568801794”}
I, [2019-10-09T00:07:43.072054 #796-47280003982200] INFO – : Completed 200 OK in 38ms (Views: 3.4ms | ActiveRecord: 5.9ms)
I, [2019-10-09T00:07:46.387402 #866-70021288195740] INFO – : execute Channel.fetch (try_count 0)…
2019-10-09T00:08:30.331541 #796-47280002903780] INFO – : Started PUT “/api/v1/channels_telegram/5” for 10.10.3.10 at 2019-10-09 00:08:30 +0300
I, [2019-10-09T00:08:30.339746 #796-47280002903780] INFO – : Processing by ChannelsTelegramController#update as JSON
I, [2019-10-09T00:08:30.339892 #796-47280002903780] INFO – : Parameters: {“api_token”=>“TOKEN_DELETED_BUT_IT_WAS_HERE”, “welcome”=>“Hello! Your Killerbo… Sorry, Supportbot online.”, “group_id”=>“1”, “id”=>“5”}
I, [2019-10-09T00:08:30.738129 #796-47280002903780] INFO – : Completed 200 OK in 398ms (Views: 1.3ms | ActiveRecord: 10.2ms)
I, [2019-10-09T00:08:31.097863 #796-47280003981460] INFO – : Started GET “/api/v1/channels_telegram?=1570568801795" for 10.10.3.10 at 2019-10-09 00:08:31 +0300
I, [2019-10-09T00:08:31.105990 #796-47280003981460] INFO – : Processing by ChannelsTelegramController#index as JSON
I, [2019-10-09T00:08:31.106131 #796-47280003981460] INFO – : Parameters: {"
”=>“1570568801795”}
I, [2019-10-09T00:08:31.145765 #796-47280003981460] INFO – : Completed 200 OK in 39ms (Views: 13.0ms | ActiveRecord: 6.1ms)
I, [2019-10-09T00:08:47.640199 #866-70021288195740] INFO – : execute Channel.fetch (try_count 0)…


Good news, everyone.

  1. Certificates. Certificates. Certificates. (Not developers, developers, developers).

My big mistake was my public cert, issued by Sectigo, via UserTrust, and then my cert.
So, to fix problem with telegram, you need to combine all three certs in one file, where before that was only one my cert. Order of certificates are important:

  1. Your cert (server cert)
  2. Intermediate CA
  3. Root CA
    All certs need to be in printable form (which started with begin certificate and finished with end certificate)
    Then pathsto this file and second one, where is your private key (unencrypted), you need to put in /etc/nginx/conf.d/zammad.conf

And check for errors file /var/log/nginx/error.log

If you see:
2019/10/09 00:23:55 [error] 1409#0: OCSP_basic_verify() failed (SSL: error:27069076:OCSP routines:OCSP_basic_verify:signer certificate not found) while requesting certificate status, responder: ocsp.sectigo.com, peer: 151.139.128.14:80, certificate: “/etc/pki/tls/private/ZAMADcert.crt”
Then you have problem with incomplete ZAMADcert.crt file.

If you see:
2019/10/09 02:33:02 [emerg] 6892#0: SSL_CTX_use_PrivateKey_file("/etc/pki/tls/private/ZAMADkey.key") failed (SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch)
Then order of certificates in ZAMADcert.crt file is wrong.

Here ZAMADcert are name of my certificates, your will be different.
Hope this will help.

2 Likes

Glad you could solve your problem!

Just as small side note:
Telegram provides some kind of “status” page for each API Key that might help in many cases as well:
https://api.telegram.org/bot{API-TOKEN-BOT}/getWebhookInfo

Replace {API-TOKEN-BOT} with your Bots API-Token

1 Like