i started to listening nginx, and when i press the button confirm and save, no one call or check my website, my nginx console is clear. But i past correct address. I spend to this whole day. Can anyone to help me?

# HTTP  Let's Encrypt / Sectigo Validation
server {
    listen 80;
    server_name mentest.net www.mentest.net;

    root /var/www/mentest;
    index index.html index.htm;


    #      SSL
    location /.well-known/pki-validation/ {
        allow all;
        root /var/www/mentest;
        try_files $uri =404;
    }

    #     HTTPS
    return 301 https://$host$request_uri;
}

# HTTPS
server {
    listen 443 ssl;
    server_name mentest.net www.mentest.net;

    root /var/www/mentest;
    index index.html index.htm;

    ssl_certificate /etc/ssl/certs/mentest_net.crt;
    ssl_certificate_key /etc/ssl/private/mentest_net.key;
    ssl_trusted_certificate /etc/ssl/certs/My_CA_Bundle.ca-bundle;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

 # Webhook для WhatsApp — ПРОКСИРУЕМ СНАЧАЛА
    location /wawebhook {
        proxy_pass http://127.0.0.1:5000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Основной Node.js сайт на 3000
    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

const express = require('express');
const app = express();

app.use(express.json());

const port = process.env.PORT || 5000;
const verifyToken = 'my_secret_token'; // токен прямо здесь

app.get('/wawebhook', (req, res) => {
    const { 'hub.mode': mode, 'hub.challenge': challenge, 'hub.verify_token': token } = req.query;

    // Проверяем токен и mode
    if (mode === 'subscribe' && token === verifyToken) {
        res.status(200).send(challenge); // Отправляем обратно challenge
    } else {
        res.status(403).end(); // Неверный токен или mode
    }
});


app.post('/wawebhook', (req, res) => {
    const timestamp = new Date().toISOString().replace('T', ' ').slice(0, 19);
    console.log(\nWebhook received ${timestamp});
    console.log(JSON.stringify(req.body, null, 2));
    res.sendStatus(200);
});

app.listen(port, () => {
    console.log(Listening on port ${port});
});

PS C:\Users\Жасын\Desktop\!mentestbot> curl.exe -v "https://mentest.net/wawebhook?hub.mode=subscribe&hub.verify_token=my_secret_token&hub.challenge=123"
* Host mentest.net:443 was resolved.
* IPv6: (none)
* IPv4: 45.32.121.132
*   Trying 45.32.121.132:443...
* schannel: disabled automatic use of client certificate
* ALPN: curl offers http/1.1
* ALPN: server accepted http/1.1
* Established connection to mentest.net (45.32.121.132 port 443) from 192.168.1.238 port 49745
* using HTTP/1.x
> GET /wawebhook?hub.mode=subscribe&hub.verify_token=my_secret_token&hub.challenge=123 HTTP/1.1
> Host: mentest.net
> User-Agent: curl/8.16.0
> Accept: /
>
* Request completely sent off
* schannel: remote party requests renegotiation
* schannel: renegotiating SSL/TLS connection
* schannel: SSL/TLS connection renegotiated
* schannel: remote party requests renegotiation
* schannel: renegotiating SSL/TLS connection
* schannel: SSL/TLS connection renegotiated
< HTTP/1.1 200 OK
< Server: nginx/1.24.0 (Ubuntu)
< Date: Mon, 17 Nov 2025 13:10:45 GMT
< Content-Type: text/html; charset=utf-8
< Content-Length: 3
< Connection: keep-alive
< X-Powered-By: Express
< ETag: W/"3-QL0AFWMIX8NRZTKeof9cXsvbvu8"
<
123* Connection #0 to host mentest.net:443 left intact

BUT "The callback URL or verification token check failed. Please verify the provided information or try again later."

I’m trying to verify my webhook URL for WhatsApp Cloud API (Meta).
My Nginx is configured as a reverse proxy, and my Node.js webhook server listens on port 5000.

When I run a manual test using curl:

curl -v "https://mentest.net/wawebhook?hub.mode=subscribe&hub.verify_token=my_secret_token&hub.challenge=123"

I receive the expected response:

HTTP/1.1 200 OK
123

So Nginx → Node.js → webhook logic works correctly.

---

However, when I try verifying the callback URL in the Meta Developer Dashboard, I get the error:

The callback URL or verification token check failed.
Please verify the provided information or try again later.

I don’t understand why Meta fails, because curl verification shows correct behavior.

Below is my Nginx config and Node.js webhook code.

---

My suspicion

• Maybe Meta doesn’t like the redirect from www.mentest.net → mentest.net

• Or maybe the token in Meta does not match my_secret_token

• Or Meta caches failures for several minutes

---

My question

What am I missing? Why does curl verification work but Meta still fails verification?
Does Meta reject URLs that respond with 301 redirects, or is there another known issue?

---

Additional information

• DNS resolves correctly

• SSL certificate is valid

• No firewall restrictions

• Node receives curl requests but does NOT receive any request from Meta

The problem was the certificate. it was not assembled correctly.