Card validation ERROR: Fetching the page failed because SSL handshake error


#1

When testing the URL https://www.wigglypath.com or any of the pages the blog contains, I get the error:

ERROR: Fetching the page failed because SSL handshake error.

This is an Apache server, running on a dedicated AWS server with a static IP address. SSL Labs scores the server an A rating, so I don’t expect a configuration issue. No regular browsers I’m aware of have an issue with the site. Also, I’m fairly certain that the cards worked before.

Is it possible to get more information from the validator? If not, where should I look to resolve the issue?


#2

I’m still unsure how to progress. Is it necessary to downgrade my SSL security to get Twitter cards to work?


#3

Still no inspiration why this is not working. The Facebook link preview validator works fine:

https://developers.facebook.com/tools/debug/og/object?q=HTTPS%3A%2F%2FWWW.wigglypath.com

Are there any Twitter devs watching the forums who can say what’s going on?


#4

Anybody got any thoughts on why Twitter requires downgraded security for cards to operate?


#5

There’s no requirement to “downgrade” security. In fact, the validator is just being very strict here. Therefore, there is a need to ensure that your CA cert details and Apache ServerName and ServerAlias match up.

Looking at your site, it looks as though CN is set to wigglypath.com which does not match the domain that the validator is trying to check.

subject=/OU=Domain Control Validated/CN=wigglypath.com

See these threads for more information:

If you do have the ServerName and ServerAlias set correctly, then there may be some other issue here.


#6

Sorry for the delay getting back with a response, Andy.

It seems that there was a configuration error where the ServerName and ServerAlias were not set in the virtual host, allowing it to act as a default for any host request. This did not break the browsers as the certificate was recognised, but, as you suggested, Twitter is more strict.

The actual fix was to set the ServerName and ServerAlias, plus to ensure the setting in the virtual host block:

SSLEngine on

which is necessary when the server names are specified (as the default server setting is suddenly no longer valid).

Thanks for your help! I wish the validator had given me a hint what the actual issue was to save you time and effort guiding me.
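
Post #5 points at a mismatch between the names in the certificate and the host being fetched. The Python below is an added example, not part of the original thread and not Twitter's validator logic: it compares a requested host against the names in a certificate the way a strict client would. The two sample certificates are constructed (the missing SAN in the first is an assumption), and all function names are hypothetical.

```python
import socket
import ssl

# Constructed samples in the shape ssl.SSLSocket.getpeercert() returns.
# CN_ONLY mirrors the subject quoted in post #5; having no SAN is an assumption.
CN_ONLY = {"subject": ((("organizationalUnitName", "Domain Control Validated"),),
                       (("commonName", "wigglypath.com"),))}
WITH_SAN = dict(CN_ONLY, subjectAltName=(("DNS", "wigglypath.com"),
                                         ("DNS", "www.wigglypath.com")))


def fetch_cert(host, port=443, timeout=5.0):
    """Live use: handshake with SNI set to host, return the leaf cert served."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; names are compared below
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def cert_names(cert):
    """DNS names a client may match: SAN dNSName entries, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def name_matches(pattern, host):
    """Label-wise match; '*' is accepted only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def check(host, cert):
    """Return (matched, names) for the requested host against the certificate."""
    names = cert_names(cert)
    return any(name_matches(n, host) for n in names), names


if __name__ == "__main__":
    for label, cert in (("CN only", CN_ONLY), ("with SAN", WITH_SAN)):
        for host in ("wigglypath.com", "www.wigglypath.com"):
            print(label, host, check(host, cert))
```

To test a live server, call `check(host, fetch_cert(host))` once per hostname the virtual host is meant to answer for.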

