SSL certificate / HTTPS issue using Thin rack ruby server

Giorgio Robino

Nov 22, 2015, 11:45:35 AM
to thin-ruby
I have some trouble using the Thin Rack Ruby server (https://github.com/macournoyer/thin) to receive HTTPS webhooks.

Maybe that's not exactly a problem related specifically to Thin but to SSL certificates configuration.

I'd like to manage incoming HTTPS connections (webhooks: the Telegram.org server calls my Thin (Sinatra/Rack) app, sending message updates through webhooks).


Step 1. I created the SSL KEY and PEM files for a self-signed certificate, as described here: https://core.telegram.org/bots/self-signed


    openssl req -newkey rsa:2048 -sha256 -nodes -keyout YOURPRIVATE.key -x509 -days 365 \
      -out YOURPUBLIC.pem -subj "/C=US/ST=New York/L=Brooklyn/O=Example Brooklyn Company/CN=YOURDOMAIN.EXAMPLE"



Step 2. I call the Telegram Server Bot API to receive webhooks at a specified HTTPS host/path, as described here: https://core.telegram.org/bots/api#setwebhook
The API endpoint returns success.


Step 3. I run Thin with these parameters:


    bundle exec thin start --ssl --ssl-key-file ~/.ssl/YOURPRIVATE.key --ssl-cert-file ~/.ssl/YOURPUBLIC.pem --rackup /myhome/handyBOTS/rackup/handler.ru --address xxx.xxx.xxx.xxx      --port 8443  --environment production
    Thin web server (v1.6.4 codename Gob Bluth)
    ...
    ...
    ...

I have trouble at run time:
I see the Telegram remote server call the Thin server webhooks, but Thin complains with a laconic:


    <SSL_incomp><SSL_incomp><SSL_incomp><SSL_incomp><SSL_incomp><SSL_incomp><SSL_incomp><SSL_incomp><SSL_incomp><SSL_incomp><SSL_incomp><SSL_incomp><SSL_incomp><SSL_incomp>



So I'm confident that the Thin server receives calls from the remote Telegram server but it doesn't process the requests.
I presume it's some SSL configuration incongruence.


Any ideas?


My specific question is:

**Which CRT file format does Thin expect?**

Is it correct to pass the PEM file to Thin with this command line parameter: `--ssl-cert-file ~/.ssl/YOURPUBLIC.pem`?


Thanks

giorgio
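
A pre-flight check for the pair handed to `--ssl-cert-file` and `--ssl-key-file`, added here as an example; it is not part of the original posts and not Thin's own code. It assumes PEM-encoded files like those produced by the openssl command in step 1; `check_tls_pair` and `make_self_signed` are hypothetical helper names, and the sample pair is constructed in memory.

```ruby
require "openssl"

# Hypothetical helper: returns a list of problems found in a cert/key pair
# before the files are passed to --ssl-cert-file and --ssl-key-file.
def check_tls_pair(cert_pem, key_pem, expected_host, now: Time.now)
  unless cert_pem.include?("-----BEGIN CERTIFICATE-----")
    return ["certificate is not PEM text (DER or another container?)"]
  end
  begin
    cert = OpenSSL::X509::Certificate.new(cert_pem)
    key  = OpenSSL::PKey.read(key_pem)
  rescue OpenSSL::OpenSSLError, ArgumentError => e
    return ["cannot parse input: #{e.class}"]
  end
  problems = []
  # The public key inside the certificate must belong to the private key.
  problems << "private key does not match certificate" unless cert.check_private_key(key)
  # Compare the subject CN with the host the webhook was registered for.
  cn = cert.subject.to_a.find { |name, _value, _type| name == "CN" }&.at(1)
  problems << "CN #{cn.inspect} is not #{expected_host.inspect}" unless cn == expected_host
  # Reject certificates outside their validity window (-days 365 in step 1).
  unless (cert.not_before..cert.not_after).cover?(now)
    problems << "certificate is not valid at #{now}"
  end
  problems
end

# Constructed sample: a throwaway self-signed pair shaped like step 1's output.
def make_self_signed(cn, days: 365)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/C=US/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + days * 86_400
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [cert.to_pem, key.to_pem]
end

if __FILE__ == $PROGRAM_NAME
  cert_pem, key_pem = make_self_signed("YOURDOMAIN.EXAMPLE")
  p check_tls_pair(cert_pem, key_pem, "YOURDOMAIN.EXAMPLE")
  p check_tls_pair(cert_pem, key_pem, "other.example")
end
```

For real files, pass `File.read` of the certificate and key paths; an empty list means the pair parses, matches, names the expected host and is within its validity period.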


Marko Tišler

Dec 25, 2015, 7:36:16 AM
to thin-ruby
I am having the same issues. GET requests from browsers work fine and HTTPS with Thin generally works. I can even call the webhooks with CURL if I ignore the self-signed cert. I am thinking this may be an issue due to using a self-signed certificate but I do not know how to continue troubleshooting further.

Did you get anywhere with this?

Cheers,

Marko

Giorgio Robino

Dec 25, 2015, 2:00:10 PM
to thin-ruby

Marko Tišler

Dec 29, 2015, 8:35:06 AM
to thin-ruby
Thanks Giorgio,

putting nginx in front worked like a charm for my SSL issues. 

Best,

Marko