I am building an app that relies on webhooks as a core part of its functionality. As of today (30th of December 2022), validating the webhook fails with the following error: “Invalid TLS certificate”.
Important things to note:
- The certificate is issued by Lets Encrypt (via certbot)
- The certificate is considered valid by Mozilla Firefox and Google Chrome
I have found the following (unsolved) issues on the developer forum:
- ¿Is Let's Encrypt certificate authority a valid CA for Zoom Webhooks?
- Unable to save (Add or Edit) Event Subscriptions for Zoom App
Both of these issues ended up being solved by globally disabling validation
API Endpoint(s) and/or Zoom API Event(s)
Invalid TLS certificate
How To Reproduce
Before you set this up, you need a domain you can test this with.
### everywhere in these instructions (or domains referenced in third party instructions) refer to this domain.
- Spin up a server (we are using Vultr in Sydney as our provider, Ubuntu 22.04)
- Obtain a Lets Encrypt certificate by following the relevant instructions (Software: other, System: Ubuntu 20): Certbot Instructions | Certbot
- Clone down the example app (GitHub - trickypr/webhook-sample-node.js: Receive Zoom Webhooks) (this fork has https support)
- Set env variables (in .env)
ZOOM_WEBHOOK_SECRET_TOKENto the relevant secret (described in README) and
- Set env
KEY=/etc/letsencrypt/live/###/privkey.pemwhere ### is your certificate’s domain name
- Set env
CERT=/etc/letsencrypt/live/###/cert.pemwhere ### is your certificate’s domain name
- Run the application via
- Visit the domain you assigned in a web browser to see it is
- Secure and
- returning something like “Webhook Sample Node.js successfully running. Set this URL …”
- Go back to the webhook app that you got the secret from and register a webhook (e.g. “Participant was admitted into a meeting”) to
https://###/webhookwhere ### is your domain
- Press validate
- Text will popup below the URL box saying “Invalid TLS certificate”