So now that I knew that there is official solution, I came up with the following unofficial solution
For everyone who might be reading this: it only makes sense if you’re running n8n WITHOUT docker, i.e. installed it on a dedicated server.
The problem is, Telegram is very strict when it comes to security, so even if one has an SSL certificate installed, Telegram requires the whole certificate chain to be valid. This results in a situation when some services (and browsers) work with n8n no problem (trust it enough), while Telegram doesn’t.
n8n (without Traefik outside of docker) can’t serve the whole certificate chain so we’d need something that can. I decided to use Caddy. It will serve certificates automatically with no need to even bother with certificate files. I believe it’s so good, it should be the default way.
The overall idea is for n8n to work in http mode on port 9000 while Caddy will listen on port 443, pretend it’s https, forward all requests to n8n etc.
Download and install Caddy as described here: Install — Caddy Documentation
Ensure that n8n is configured as http and on some higher port. It is very important for WEBHOOK_TUNNEL_URL to be set. Here’s a quick minimal set up that I store in /etc/environments on my server:
It’s very important to add https:// to the example.com in the last line and not omit the final slash (/).
Create a file called Caddyfile anywhere you like and populate it with two strings:
Now if you go to the directory with Caddyfile you created and execute ‘sudo caddy run’ everything should work: example.com should be available via https, all webhooks should work and Telegram should work.
Now the only trouble left is to start Caddy automatically. Several steps to do that.
Find out the path to your caddy installation via ‘which caddy’. In my case it’s /usr/bin/caddy so I’ll keep using this as an example.
Let’s give Caddy rights to use port 443 (https) without the need to be launched as root:
sudo setcap cap_net_bind_service=+ep /usr/bin/caddy
Now let’s create a service. Say ‘sudo nano /etc/systemd/system/caddy.service’ and paste the following:
ExecStart=/usr/bin/caddy run --config "path_to_your_caddy_file"
Now let’s activate the startup service we just created:
sudo systemctl enable caddy
sudo service caddy start
Now Caddy will start on boot. If you’re using pm2 to start n8n, as described here, you can configure it to automatically start n8n by issuing ‘pm2 startup’, doing what it says, then ‘pm2 start n8n’, then ‘pm2 save’.
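Since the whole setup exists to make the server send a complete certificate chain, here is a way to check what a server actually sends during the handshake. This is an added example, not part of the original post: the function names and the sample handshake text are constructed, and example.com is the placeholder host used above.

```shell
#!/bin/sh
# Added example: classify the certificate chain a TLS server presents,
# based on the "Certificate chain" section of `openssl s_client -showcerts`.

# chain_status: reads s_client output on stdin and prints one of
#   no-certs     nothing was presented
#   leaf-only    only the server certificate, no intermediates
#   broken-at-N  issuer of certificate N is not the subject of certificate N+1
#   linked-N     N certificates, each issued by the next one in the list
# "linked" only means the presented certificates chain to each other;
# whether the last issuer is a trusted root is the client's decision.
chain_status() {
  awk '
    /^ *[0-9]+ s:/ { sub(/^ *[0-9]+ s:/, ""); subj[n++] = $0; next }
    /^ +i:/        { sub(/^ +i:/, "");        iss[n-1]  = $0; next }
    END {
      if (n == 0) { print "no-certs"; exit }
      if (n == 1 && subj[0] != iss[0]) { print "leaf-only"; exit }
      for (k = 0; k < n - 1; k++)
        if (iss[k] != subj[k+1]) { print "broken-at-" k; exit }
      print "linked-" n
    }'
}

# check_host: run the check against a live server (needs network access).
check_host() {
  openssl s_client -connect "$1:443" -servername "$1" -showcerts \
    </dev/null 2>/dev/null | chain_status
}

# Constructed sample: a server that sends leaf plus intermediate.
sample_full() { cat <<'EOF'
Certificate chain
 0 s:CN = n8n.example.com
   i:C = US, O = Example CA, CN = Example Intermediate
 1 s:C = US, O = Example CA, CN = Example Intermediate
   i:C = US, O = Example CA, CN = Example Root
EOF
}

# Constructed sample: a server that sends only its own certificate.
sample_leaf_only() { cat <<'EOF'
Certificate chain
 0 s:CN = n8n.example.com
   i:C = US, O = Example CA, CN = Example Intermediate
EOF
}

echo "full sample:      $(sample_full | chain_status)"
echo "leaf-only sample: $(sample_leaf_only | chain_status)"
```

Run ‘check_host example.com’ before and after putting Caddy in front of n8n: a ‘leaf-only’ result is the situation where browsers that already know the intermediate still connect while stricter clients refuse.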