Connection refused when fetching a summary card

csaltos · 2015-03-20T14:54:38.932Z

@PiciScan a couple of months ago a similar problem happened like this but with LinkedIn: everything was OK and suddenly our “poor” GoDaddy certificate was not recognized anymore by LinkedIn. Of course we’ve tried to contact LinkedIn regarding this issue and for them to update their CA certification base correctly but no answer. We were about to buy a new more “fancy” and more expensive SSL certificate when the problem was magically fixed at one of the LinkedIn own releases when they update correctly their CA certificates.

Things we’ve learned:

The cheap SSL certificates are cheap for a reason and that is because they have mostly unknown intermediate CA validations and thus most of the upgrades of third parties will take time for them to recognize your “poor” SSL certificates (if important to you and you can afford it, of course try to purchase more fancy SSL certificates with a more solid and recognized CA validation)
For the mega organizations to listen to the small clients is very difficult, but here we are, let’s hope they listen to us one day !!
The goal of the mega organizations is to ensure a correct and secure connection and use, so if you follow good security practices you are closer to get a good relationship with Twitter, LinkedIn and others (for instance, try to get a good rating using tools like ssllabs.com)
And PATIENCE !! … lots of PATIENCE !!

PiciScan · 2015-03-30T09:41:21.189Z

@juanjodlt Any progress? I just can’t understand why all Twitter Cards were working fine, and then, though nothing had changed on my website, they suddenly didn’t. It is VERY frustrating.

PiciScan · 2015-03-30T09:47:54.468Z

Just a thought … has the post by @rchoi on Automatic Cards Whitelisting got anything to do with this?

juanjodlt · 2015-03-30T15:50:27.269Z

Hi @PiciScan, thanks for pointing that post to us. Indeed, now our summary cards are working. The card previewer/validator is not working yet, I guess Twitter Devs are making some changes to integrate the new Automatics Cards Whitelisting thing with it.

@OMGUrOnline @sarahzj @espanabreaks @PiciScan: Does you cards are working now?

OMGUrOnline · 2015-03-30T18:47:17.742Z

My Player Cards still do not work when using a https link, but work fine when using a http link…

espanabreaks · 2015-03-31T08:23:17.381Z

Still no joy unfortunately

OMGUrOnline · 2015-03-31T22:50:11.414Z

Hey PiciScan,

I checked that out and it seems the issue everyone is having is with Player Cards, which still require validation and whitelisting by Twitter. They are the only cards that aren’t supposed to be affected by the automatic whitelisting.

Thanks, though… it was another lead to follow.

Greg

jbulava · 2015-04-01T21:00:17.365Z

I have passed this issue along to the Cards engineering team and will respond here with updates. This is being tracked internally as PREL-12939.

juanjodlt · 2015-04-06T19:05:28.290Z

Thanks @jbulava. I’ve tested today with this link: https://www.talenteca.com/empleo/mexico/cuautitlan-izcalli-edo-de-mex-/auxiliar-de-almacen/5522c5305801005601543fcd and the large-summary-card is not being showed.

jbulava · 2015-04-06T19:24:54.351Z

As engineering continues to investigate on our side, I’ve been asked to inquire about the hosting service providers used by those affected. Could you please respond here with that information?

OMGUrOnline · 2015-04-06T19:45:57.744Z

jbulava,

I am using certifiedhosting.com for my server hosting.

Greg

OMGUrOnline · 2015-04-06T23:44:36.551Z

it’s been officially over a month since my player cards stopped working…

juanjodlt · 2015-04-07T00:07:11.517Z

@jbulava our site is hosted in AWS-EC2

espanabreaks · 2015-04-07T09:12:32.975Z

We are using Vidahost Cloud and have sitewide SSL enabled. We have a couple of sites on it using cards, both configured identically. bathmums.co.uk continues to work fine, espanabreaks.com cards worked initially then broke. The latter has a fairly new certificate (<2 months old), the former was first issued in 2013 and renewed about 6 months ago.

OvercastFM · 2015-04-08T02:27:13.164Z

I’m facing the same issue — my cards (e.g. http://overca.st/CdT4UF_0) stopped working at the same time and produce the “connection refused” error as well. Nothing changed on my end that would break this, as far as I know. The SSL certificate has remained constant.

I’m hosted at Linode, but I bet that’s not the issue. My SSL certificate is still signed with a SHA-1 signature, if that helps — ultra-strict implementations are beginning to show warnings about those. (I can’t upgrade without breaking some old SSL-pinned clients, so I’m waiting as long as I can.)

DenisLaliberte · 2015-04-09T17:09:29.266Z

We encounter the same ssl issue. We bypass the issue by redirecting the twitter user agent to the http site and all other requests to https.

Now we can use the validator with the http url, twitter can fetch the card metadata, and all regular users are redirected to https.

This is only a temporary fix but it’s working for now.

Here some configuration example for Apache :

RewriteEngine On
RewriteCond %{HTTPS} =on
RewriteCond %{HTTP_USER_AGENT} ^Twitterbot/(.)$
RewriteRule ^/?(.)$ http://%{HTTP_HOST}/$1 [R=301,L]

OvercastFM · 2015-04-14T18:16:11.130Z

I’ve upgraded my certificate to SHA-256 and removed an HTTP-to-HTTPS short-domain-to-long-domain redirect. The SSL implementation gets an “A” from the Qualys SSL test (although it did before, too). New link example: https://overcast.fm/+DCGWw7c

The problem persists.

andydust · 2015-04-15T19:22:42.883Z

Upgrading OpenSSL fixed this for us.

OvercastFM · 2015-04-16T21:17:41.669Z

This has been fixed for my site sometime in the last 48 hours or so. Fixed for everyone, or just me?

450GSM · 2015-04-16T21:41:53.885Z

It seems to be fixed for our site, too!