After July 27th: ERROR: Fetching the page failed because other errors

ssl

#1

After July 27th, my cards for https://gabrieleromanato.com are not working anymore.
In the validator I got this error: ERROR: Fetching the page failed because other errors.

Sample URL: https://gabrieleromanato.com/2017/07/sviluppare-ecommerce-introduzione

Thanks


#2

The cards crawler is unable to verify your SSL certificate. If this worked prior to July 27th, what changed on your server after that time?


#3

Nothing.


#4

That’s odd - equally there have been no changes to the way that the crawler validates certificates, and I confirmed that the certificate is invalid or not correctly configured using openssl:

$ echo -e "HEAD / HTTP/1.0\r\nHost: gabrieleromanato.com\r\n\r\n" | openssl s_client -servername gabrieleromanato.com -connect gabrieleromanato.com:443 -state -quiet

#5

If it’s invalid, how can my site work in Chrome 60 which is notoriously picky about SSL? To put it in another way: how does your crawler validate certificates? I don’t have enough info from your docs to fix this issue on my server because for example I don’t know whether your crawler follow a procedure similar to the SSLabs one or another approach. Thanks again. :slight_smile:


#6

The crawler is written in Java and it looks like there’s some kind of issue with matching certificates here as shown by the openssl command I demonstrated above. It may be similar to this issue, but I’m not certain.


#7

My site is written in Node.
Here’s the nginx directives taken from Virtualmin:

`server {
server_name gabrieleromanato.com www.gabrieleromanato.com;
listen 80;
return 301 https://$server_name$request_uri;
}

server {
server_name gabrieleromanato.com www.gabrieleromanato.com;
root /home/foo/public_html;
index index.html index.htm index.php;
access_log /var/log/foo/gabrieleromanato.com_access_log;
error_log /var/log/foo/gabrieleromanato.com_error_log;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_FILENAME /home/foo/public_html$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT /home/foo/public_html;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS $https;

location / {
proxy_pass https://127.0.0.1:1234/;
}
location ~ .php$ {
try_files $uri =404;
fastcgi_pass unix:/var/php-nginx/14911271811960.sock/socket;
}
listen 443 ssl;
ssl_certificate /home/foo/ssl.crt;
ssl_certificate_key /home/foo/ssl.key;
}
`


#8

Found the problem. I wasn’t serving the intermediate certificate with nginx.
Here how to do it: https://support.comodo.com/index.php?/Knowledgebase/Article/View/1091/37/certificate-installation--nginx

Thanks for your attention Andy. You can close the thread.


#9

#10

Glad you figured it out, and thanks for sharing the solution!