Telegram bot EFATAL: Error: self-signed certificate in certificate chain

The error poped up with the telegram sender node. I successfully tested the setup in my home lab and then installed the MiniPC with Node-Red running in a podman container to a different location.

EFATAL: Error: self-signed certificate in certificate chain

journalctl showed the following:

Dez 08 10:59:12 FBY-ONC middleware[13489]: 8 Dec 10:59:12 - [warn] [telegram bot:4f0125c227cdb803] EFATAL: Error: self-signed certificate in certificate chain
Dez 08 10:59:12 FBY-ONC middleware[13489]: 8 Dec 10:59:12 - [warn] [telegram bot:4f0125c227cdb803] Unknown error. Trying again.
Dez 08 10:59:12 FBY-ONC middleware[13489]: Unhandled rejection RequestError: Error: self-signed certificate in certificate chain
Dez 08 10:59:12 FBY-ONC middleware[13489]:     at new RequestError (/data/node_modules/request-promise-core/lib/errors.js:14:15)
Dez 08 10:59:12 FBY-ONC middleware[13489]:     at Request.plumbing.callback (/data/node_modules/request-promise-core/lib/plumbing.js:87:29)
Dez 08 10:59:12 FBY-ONC middleware[13489]:     at Request.RP$callback [as _callback] (/data/node_modules/request-promise-core/lib/plumbing.js:46:31)
Dez 08 10:59:12 FBY-ONC middleware[13489]:     at self.callback (/data/node_modules/request/request.js:185:22)
Dez 08 10:59:12 FBY-ONC middleware[13489]:     at Request.emit (node:events:517:28)
Dez 08 10:59:12 FBY-ONC middleware[13489]:     at Request.onRequestError (/data/node_modules/request/request.js:877:8)
Dez 08 10:59:12 FBY-ONC middleware[13489]:     at ClientRequest.emit (node:events:517:28)
Dez 08 10:59:12 FBY-ONC middleware[13489]:     at TLSSocket.socketErrorListener (node:_http_client:501:9)
Dez 08 10:59:12 FBY-ONC middleware[13489]:     at TLSSocket.emit (node:events:517:28)
Dez 08 10:59:12 FBY-ONC middleware[13489]:     at emitErrorNT (node:internal/streams/destroy:151:8)
Dez 08 10:59:12 FBY-ONC middleware[13489]:     at emitErrorCloseNT (node:internal/streams/destroy:116:3)
Dez 08 10:59:12 FBY-ONC middleware[13489]:     at processTicksAndRejections (node:internal/process/task_queues:82:21)

Please help. Why would telegram complain about a self-signed certificate?
How do I get it to work again?
Is it even a problem with node-red-contrib-telegrambot version 15.1.7 ?

The docker image is based on docker.io/nodered/node-red:3.1.0-18-minimal

The flow:


I just configured the Bot-Name, Token and ChatIds.

I see no reply so will try.

  1. Have you configured the Telegram Config Node for Polling or Webhooks, as you have certificates, I suspect it is Webhooks.
  2. A self signed certificate should not have a certificate chain. So maybe you are setting this up as chain but inserting a Cert Chain.

I have been trying to read up on using Webhooks (and the answer is no for me as I am behind CGNAT), but this may be helpful as there are difference in self_signed and verified certificates.
Marvin's Marvellous Guide to All Things Webhook (telegram.org)
NB I am neither expert on Webhooks, nor Certificates but have used this Node using polling and I still have problems as it loses 5% of messages

There are ways around that. The main one being to use something like Cloudflare Zero Trust which isn't dependent on your IP address because an agent on your server maintains an outward link and Cloudflare itself provides the web endpoint.

CF can also provide its own certs for your endpoints which also helps.

Thanks for your replies.
I use polling.

[warn] [telegram bot:4f0125c227cdb803] EFATAL: Error: self-signed certificate in certificate chain
[warn] [telegram bot:4f0125c227cdb803] Unknown error. Trying again.

Ok, polling should be easy, so I suspect the Token may be wrong. Rather than using environmental variables ${•••••} enter the bot name and token direct into the config node, if that works then sus why environmental variables are not working.
Also make sure your using Bot username (the one ending in ....bot) not the bot name.

Thanks for the hint.
I tried to not use enviroment variables and instead type in the credentials.
Also I used "_BOT" ending.
Unfortunatly the certificate error still remains the same.

But as a test, enter the Token in directly as a string (no quotes), see if that works if it doesnt, then time to look elsewhere


The token was entered directly.

What works:
Using the same credentials in my Development Docker container. It is at a different site and in a different node-red docker container.
Node-Red in my Dev container has version 2.2.2, node-red-contrib-telegrambot is version 15.1.8.

So the container on site, which causes the certificate errors must be the problem.

Unfortunletly I have no clue on how to resolve the issue with the self-sign-certificates!

If you are using the same BOT in two different places, telegram will bounce one, a BOT can only be used in one spot (ie one BOT node), you will need another BOT from telegram for the second instance.

In fact, I had multipe bot instances with the same token. But that error message was specific to multiple bot instances.

Unfortunatly I can not find anything about

EFATAL: Error: self-signed certificate in certificate chain