SslHandshakeError on Card Validator


#1

When I try to test my domain in the validator I get:

ERROR: Failed to fetch page due to: SslHandshakeError

I am using a wildcard SSL cert on the domain and using CloudFront to serve the page (which I think is the problem). I ran into this problem with Java 6 in the past, not sure if this is related or not.

Is there a way to debug this further?


#2

Any ideas? Both Facebook and Google parse the site just fine. I’m not sure where Twitter is getting hung up so it’s difficult to debug on my end. Thanks!


#3

I’m having the same problems.

I wonder if this is because the validator does not support Server Name Indication (SNI) for SSL? Cloudfront relies on SNI so that it doesn’t have to assign a dedicated IP address to each SSL endpoint.


#4

Yes, that’s exactly it. It appears that they are using Java 6 which does not support SNI. Unless Twitter plans on updating their Java version, the only solution is to pay the $600 a month for a dedicated IP or not use Cloudfront for the entire site.

It was cheaper for us to spin up a beanstalk with a tomcat server and install the SSL cert on that.


#5

Hi @dssupport, it looks like your card at https://dumbstruck.me/ is working. Are you having issues with other URLs or domains?


#6

Nope, we fixed it, thanks!


#7

Hey @jbulava, we’re having the same issue for https://www.new-bamboo.co.uk - could you please take a look at that? I’d really like to find out what the underlying problem is


#8

I will reach out to the engineering team about the SSL error as I am unsure myself. Apologies for the trouble.


#9

Hey @jbulava, is there any update on this? We’re running into the same issue with CloudFront and moving to an implementation that does not require any SNI would be a major hurdle for us. Other popular crawlers and bots work fine. Fixing this would require us to eliminate the benefits of our CDN and SSL offloading.


#10

Hey,

Any update on this? Anyone using Cloudfront and Amazon right now cant use Twitter cards.


Shreyas


#11

Hi @jbulava, all

I have a similar issue with my domain - can’t validate the card as it complains about the handshake error. Yet, my website lods w/ SSL correctly on the browser, e.g.

https://www.yapme.co/y/ag1zfnlhcG1lLWRvdGNvchILEgVNZWRpYRiAgICA1LqGCQw

I’m using SNI for my certificate and found that it fails on command line with

openssl s_client -connect www[DOT]yapme.co:443

but works with

openssl s_client -servername www[DOT]yapme.co -connect www[DOT]yapme.co:443

(Had to use [DOT] to make the post valid in the previous commands)

So I’m wondering if you support SNI w/ SSL?

Thanks!


#12

We are having the same issue with Google App Engine.


#13

+1 We are seeing the same problem.


#14

@jbulava Any update on this? We have no problems with Facebook or Google Plus, but Twitter cards integration seems pretty broken right now.


#15

We have deployed a new release, would you please try again?
https://cards-dev.twitter.com/portal/validation


#16

I too am getting this error. I just noticed that none of the links were showing the cards lately, and I did just add SSL to my server a few days ago. What gives? As others have said, Googe, Twitter, etc works fine. It is only twitter cards that are currently giving errors for my site after adding SSL.


#17

Just checking in to see if this is still an issue for people. All URLs provided above (that also have Twitter meta data) appear to be validating correctly.

@NightSurge, you are the last person to post after a fix was implemented. If you are still having an issue, please reply with a URL to debug.


#18

https://xboxdvr.com/DiPN%20D%20Dizzy/3f96633e-e368-4d57-aeb3-e5c95f56324f

Still getting error. If I simply remove the s from https it works, but my site uses SSL, so I can’t simply do that.


#19

Our site now works, but we’ve moved to a different infrastructure.


#20

our site quoteflare.com is still getting this same error
twitter cards are getting a 404 error where the image is supposed to be when you open them.