Failed to validate: Invalid TLS certificate

I am building an app that relies on webhooks as a core part of its functionality. As of today (30th of December 2022), validating the webhook fails with the following error: “Invalid TLS certificate”.

Important things to note:

  • The certificate is issued by Lets Encrypt (via certbot)
  • The certificate is considered valid by Mozilla Firefox and Google Chrome

I have found the following (unsolved) issues on the developer forum:

Both of these issues ended up being solved by globally disabling validation

API Endpoint(s) and/or Zoom API Event(s)
meeting.participant_joined_waiting_room (

Invalid TLS certificate

How To Reproduce
Before you set this up, you need a domain you can test this with. ### everywhere in these instructions (or domains referenced in third party instructions) refer to this domain.

  1. Spin up a server (we are using Vultr in Sydney as our provider, Ubuntu 22.04)
  2. Obtain a Lets Encrypt certificate by following the relevant instructions (Software: other, System: Ubuntu 20): Certbot Instructions | Certbot
  3. Clone down the example app (GitHub - trickypr/webhook-sample-node.js: Receive Zoom Webhooks) (this fork has https support)
  4. Run npm install
  5. Set env variables (in .env) ZOOM_WEBHOOK_SECRET_TOKEN to the relevant secret (described in README) and PORT=443
  6. Set env KEY=/etc/letsencrypt/live/###/privkey.pem where ### is your certificate’s domain name
  7. Set env CERT=/etc/letsencrypt/live/###/cert.pem where ### is your certificate’s domain name
  8. Run the application via node index.js
  9. Visit the domain you assigned in a web browser to see it is
    1. Secure and
    2. returning something like “Webhook Sample Node.js successfully running. Set this URL …”
  10. Go back to the webhook app that you got the secret from and register a webhook (e.g. “Participant was admitted into a meeting”) to https://###/webhook where ### is your domain
  11. Press validate
  12. Text will popup below the URL box saying “Invalid TLS certificate”

Hi @trickypr
Thank you for reaching out to the Zoom Developer Forum, I am happy to help here!
I am checking in with you to confirm if you are still having this issue when trying to validate your webhook URL?
Please, let me know if you need me to look into this.

I found a solution, which is to forward the webhooks through cloudflare, which used cloudflares certificates rather than Lets Encrypt. I am unable to reproduce this again at the moment.

Amazing @trickypr
happy to hear you found a workaround
Feel free to reach out back to us if you need anything else.