SSL Issue with Facebook and Google+?


#1

I got certificates for my websites and installed them. The websites appear to be working fine via HTTPS through various browsers and get an A rating on SSL Labs. But when I paste links to the websites on Facebook or Google Plus, I get errors.

For example: https://software.kareldonk.com

Tested via SSL Labs, gives an A rating. https://casecurity.ssllabs.com/analyze.html?d=software.kareldonk.com

When posting that URL to Facebook, it cannot read the og properties in the page. Via the Facebook Debugger it reports the following error: “Curl Error : SSL_CONNECT_ERROR Unknown SSL protocol error in connection to software.kareldonk.com:443

When trying to post the link to Google+, it reports “That link isn’t valid. Check it and try again.” I suspect that it might also be related to the SSL config.

Is this because certificates from Let’s Encrypt aren’t fully supported yet by everyone? Or have I missed a configuration setting?


#2

Did you just change anything to your server configuration? Because when I was trying to debug, this happened:

osiris@desktop tmp $ curl https://software.kareldonk.com
curl: (35) Unknown SSL protocol error in connection to software.kareldonk.com:443 

starting WireShark in another terminal tab;
Trying again:

osiris@desktop tmp $ curl https://software.kareldonk.com
 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

I didn’t change anything on my end, except a dig software.kareldonk.com to check the IP address for the WireShark filter. And suddenly it works.


#3

I got the same exact failure and then success on 2nd attempt.


#4

Thanks for trying Osiris. I didn’t change anything at all. I was just also able to verify my website via Google Webmaster Tools using HTTPS. A few minutes ago it wasn’t possible; webmaster tools said it couldn’t connect. Now it suddenly worked. Very strange.


#5

On my server I’ve got the same issue again on the first try: the second try succeeds.

This time, I started tcpdump befóre the first try :wink: Apparently, your server disconnects the TCP connection after the SSL “Client Hello” (i.e.: the very first message between the client and server in the SSL connection). Why? No clue… The second time everything goes well, while the Client Hello message is the same as the first?


#6

Yes this also seems to happen with FTP for some reason. First try I get a socket error 10054. Second try succeeds.

“A socket error 10054 may be the result of the remote server or some other piece of network equipment forcibly closing or resetting the connection.”

This might be an issue related to the host (GoDaddy). Time to call their support…


#7

Well i got very strange issue.
https://developers.facebook.com/tools/debug/og/object/?q=https%3A%2F%2Fwww.iubezpieczenia.net%2F

facebook cant debug my site, Cant veryfy SSL.


#8

I’m not sure if it was the “fix”, but I hit the “Fetch new scrape information” and now, without the old info from November, it seems to be OK. At least for the SSL part it is.


#9

Yes, it was fixed 15 minutes ago :slight_smile:
my host provider told me that i didn`t instal ca_bundle.crt in my SSL.

Regards.