Apache SSL And Facebook URL Linter CURL error

I just installed a PositiveSSL Certificate from COMODO on my web server.

According to SSL Labs it's working properly: https://www.ssllabs.com/ssltest/analyze.html?d=survivehive.com

According to SSL Shopper it's working properly: http://www.sslshopper.com/ssl-checker.html#hostname=www.survivehive.com

According to openssl from the command line it's working properly:

PROMPT$ openssl s_client -connect survivehive.com:443
CONNECTED(00000003)
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=www.survivehive.com
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
 3 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---

But yet when I use the Facebook URL Debugger: https://developers.facebook.com/tools/debug/og/object/ enter: "https://www.survivehive.com" and select "Fetch new scrape information" it responds with an error:

> Curl Error : SSL_CONNECT_ERROR error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

This results in blank content being shared from my site.

Is this a Facebook issue, or an issue on my part? Is there anything I can do about it aside from hope Facebook will fix it?

Thanks in advance for any insight!

9 Replies

Your server doesn't allow SSLv3, as shown on the ssllabs output. Facebook is trying to connect to your server via SSLv3.

  • Les

Thanks Les, silly oversight on my part. I think I've resolved that now (see the new SSL Labs output) yet the debugger still has the same error.

Might be caching, might be lack of available ciphers. You appear to be limiting them quite severely.

  • Les

Interestingly, when I updated /etc/hosts from:

IP survivehive.com

to:

IP www.survivehive.com

Now I no longer get "unknown protocol" when I run: curl https://www.survivehive.com (with or without --sslv3 option)

So there was some definite mis-configuration on my part.

Facebook still isn't playing well with me.

Umm, why do you have that in /etc/hosts at all? It exists in the DNS, so putting it in /etc/hosts can only lead to problems. (Such as this, perhaps.)

@hoopycat:

> Umm, why do you have that in /etc/hosts at all? It exists in the DNS, so putting it in /etc/hosts can only lead to problems. (Such as this, perhaps.)

Because my interpretation of this guide told me to: https://www.linode.com/docs/getting-started

> Next, edit your /etc/hosts file to resemble the following example, replacing plato with your chosen hostname, example.com with your system’s domain name, and 12.34.56.78 with your system’s IP address. As with the hostname, the domain name part of your FQDN does not necessarily need to have any relationship to websites or other services hosted on the server (although it may if you wish). As an example, you might host “www.something.com” on your server, but the system’s FQDN might be “mars.somethingelse.com.”

/etc/hosts

127.0.0.1 localhost.localdomain localhost 
12.34.56.78 plato.example.com plato

So therefore I have a line that is:

198.58.109.241 www.survivehive.com hivecore

One thing I do know, is that commenting that line out causes the following when I attempt to CURL the page:

curl: (35) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

Which looks awfully familiar to what Facebook reports, yet still I haven't found any solution.

The /etc/hosts entry is masking the problem you're having. I'm getting something like this when I try from home:

rtucker@racer-x:~$ curl https://www.survivehive.com/
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

Indeed…

rtucker@racer-x:~$ curl http://www.survivehive.com:443/

# It works!

This is the default web page for this server.

The web server software is running but no content has been added, yet.

What's your web server configuration look like? I suspect you're hard-coding it to only do SSL on 198.58.109.241 instead of all IPv4 and IPv6 addresses…

@hoopycat:

> What's your web server configuration look like? I suspect you're hard-coding it to only do SSL on 198.58.109.241 instead of all IPv4 and IPv6 addresses…

Well now I feel like a fool. You're absolutely correct! I had the full IP:443 as opposed to *:443

After making that change, removing the line from /etc/hosts, and restarting apache, everything has come together. curl works, AND Facebook is happy!

Thanks dude.. I've been pulling my hair out over this.

No worries… it was a rather obscure problem. :-) Also, the error message curl gives isn't exactly clear either…
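The failure diagnosed in this thread, where port 443 answers in cleartext on some addresses because the SSL virtual host was bound to a single IP, can be checked address by address. The following is an added example and not part of the original thread; `classify_reply`, `client_hello` and `probe` are hypothetical helper names and `www.example.com` is a placeholder.

```python
import socket
import ssl

TLS_RECORD_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, application_data

def classify_reply(data: bytes) -> str:
    """Classify the first bytes a server returns after receiving a ClientHello."""
    # A TLS record starts with: content type (1 byte), version major 0x03, minor, length.
    if len(data) >= 5 and data[0] in TLS_RECORD_TYPES and data[1] == 3:
        return "tls"
    # Cleartext such as "HTTP/1.1 400" parses as type 0x48, version 0x5454, which is
    # what OpenSSL reports as "wrong version number" / "unknown protocol".
    if data.startswith((b"HTTP/", b"<")):
        return "plaintext-http"
    return "unknown" if data else "no-reply"

def client_hello(server_name: str) -> bytes:
    """Have the ssl module build a real ClientHello in memory, without any network I/O."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    ctx = ssl.create_default_context()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the hello is queued in `outgoing`, no reply has been fed in
    return outgoing.read()

def probe(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Send a ClientHello to every address `host` resolves to and classify each reply."""
    hello = client_hello(host)
    results = {}
    for family, _, _, _, sockaddr in socket.getaddrinfo(host, port, type=socket.SOCK_STREAM):
        try:
            with socket.socket(family, socket.SOCK_STREAM) as sock:
                sock.settimeout(timeout)
                sock.connect(sockaddr)
                sock.sendall(hello)
                results[sockaddr[0]] = classify_reply(sock.recv(16))
        except OSError as exc:
            results[sockaddr[0]] = "error: " + type(exc).__name__
    return results

if __name__ == "__main__":
    # Placeholder name; substitute the site under test. Every address should report "tls".
    for address, verdict in probe("www.example.com").items():
        print(address, verdict)
```

Run it from a machine without an /etc/hosts override for the name, so that every A and AAAA record published in DNS is exercised.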
