I got this error when I tried to set the webhook URL for a Facebook Messenger bot:

The URL couldn't be validated. Callback verification failed with the following errors: curl_errno = 60; curl_error = SSL certificate problem: self signed certificate in certificate chain; HTTP Status Code = 200; HTTP Message = Connection established

First I created a certificate.

1) I used this config file and created a certificate authority:

openssl req -new -x509 -days 9999 -config ca.cnf -keyout ca-key.pem -out ca-crt.pem

2) I generated a private key

openssl genrsa -out server-key.pem 4096

Then I generated a certificate signing request using this configuration file:

openssl req -new -config server.cnf -key server-key.pem -out server-csr.pem

After that I executed the command:

openssl x509 -req -extfile server.cnf -days 999 -passin "pass:password" -in server-csr.pem -CA ca-crt.pem -CAkey ca-key.pem -CAcreateserial -out server-crt.pem

I didn't change any property in the configuration files. Then I installed my certificate on Windows Server this way

In my Node.js app I created an HTTPS server using these options:

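var https = require('https');
var fs = require('fs');
// `app` (request handler) and `port` are defined elsewhere in the application.
var server = https.createServer({
    ca: fs.readFileSync('sslcert/ca-crt.pem', 'utf8'),     // self-created CA certificate
    key: fs.readFileSync('sslcert/server-key.pem', 'utf8'), // server private key
    cert: fs.readFileSync('sslcert/server-crt.pem', 'utf8') // server certificate signed by that CA
}, app);
server.listen(port);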

And when I tried to set the webhook I got the above error. If I open my webhook URL in a browser I get

NET::ERR_CERT_AUTHORITY_INVALID

If I ignore this error, the application console shows status 200.

Crypt32

2 Answers

That's right, the URL couldn't be validated because your self signed certificate is in the certificate chain. This is expected behavior.

Self signed certificates are fine for just encrypting the connection, but they don't convey the other important part of proving third party validation that the provider is who they say they are, which is what validation is.

You'll need to get a cert that carries this validation to validate your callback URL. You can purchase one from a reputable vendor, or you can use a service like StartSSL to get one for free (I'm not associated with them in any way, I've just had good experience with them).

Will

Follow THIS and use Let's Encrypt; after that you will get these four files:
1. cert.pem
2. chain.pem
3. fullchain.pem
4. privkey.pem
chain.pem is the CA file.

Here I have also written a small code snippet to use these.

Community
Ravi Prakash