30129: Certificate is self signed

Twilio returns 30129 when the TLS certificate used for a Messaging Service Link Shortening domain is self-signed, which Twilio won't accept for HTTPS connections. Link Shortening serves redirects over HTTPS, and Twilio requires a certificate that it can validate.

• You uploaded a self-signed TLS certificate instead of a certificate signed by a trusted certificate authority.
• The Link Shortening domain is using certificate material that Twilio cannot validate for HTTPS redirects.

• Replace the self-signed certificate with a certificate from a trusted certificate authority, such as Let's Encrypt.
• For Link Shortening, use the Twilio-managed certificate option or upload a valid PEM-formatted certificate and private key. Make sure the certificate starts with -----BEGIN CERTIFICATE----- and the private key starts with -----BEGIN PRIVATE KEY-----.
• Provide the full certificate chain when you upload your certificate so Twilio can establish trust for HTTPS redirects.

• Link Shortening
• Link Shortening Onboarding Guide
• Security