Linode Forum
Linode Community Forums 		 FAQFAQ    SearchSearch    MembersMembers      Register Register 
 LoginLogin [ Anonymous ] 
Post new topic  Reply to topic

Board index » Linux Community Forums » Web Servers and Web App Development
  Previous topic | Next topic 
Author Message
survivehive
PostPosted: Mon Aug 25, 2014 4:06 pm 
Offline
Senior Newbie

Joined: Mon Aug 25, 2014 4:00 pm
Posts: 5
I just installed a PositiveSSL Certificate from COMODO on my web server.

According to SSL Labs it's working properly: https://www.ssllabs.com/ssltest/analyze ... vehive.com
According to SSL Shopper it's working properly: http://www.sslshopper.com/ssl-checker.h ... vehive.com

According to openssl from the command line it's working properly:

Code:
PROMPT$ openssl s_client -connect survivehive.com:443
CONNECTED(00000003)
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=www.survivehive.com
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
 3 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---


But yet when I use the Facebook URL Debugger: https://developers.facebook.com/tools/debug/og/object/ enter: "https://www.survivehive.com" and select "Fetch new scrape information" it responds with an error:

Quote:
Curl Error : SSL_CONNECT_ERROR error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number


This results in blank content being shared from my site.

Is this a Facebook issue, or an issue on my part? Is there anything I can do about it aside from hope Facebook will fix it?

Thanks in advance for any insight!


Last edited by survivehive on Mon Aug 25, 2014 4:27 pm, edited 1 time in total.

Top
   
Reply with quote  
akerl
PostPosted: Mon Aug 25, 2014 4:15 pm 
Offline
Senior Member

Joined: Mon Jul 05, 2010 5:13 pm
Posts: 392
Your server doesn't allow SSLv3, as shown on the ssllabs output. Facebook is trying to connect to your server via SSLv3.

- Les
Top
   
Reply with quote  
survivehive
PostPosted: Mon Aug 25, 2014 4:21 pm 
Offline
Senior Newbie

Joined: Mon Aug 25, 2014 4:00 pm
Posts: 5
Thanks Les, silly oversight on my part. I think I've resolved that now (see the new SSL Labs output) yet the debugger still has the same error.
Top
   
Reply with quote  
akerl
PostPosted: Mon Aug 25, 2014 4:28 pm 
Offline
Senior Member

Joined: Mon Jul 05, 2010 5:13 pm
Posts: 392
Might be caching, might be lack of available ciphers. You appear to be limiting them quite severely.

- Les
Top
   
Reply with quote  
survivehive
PostPosted: Mon Aug 25, 2014 4:44 pm 
Offline
Senior Newbie

Joined: Mon Aug 25, 2014 4:00 pm
Posts: 5
Interestingly, when I updated /etc/hosts from:

Code:
IP survivehive.com


to:

Code:
IP www.survivehive.com


Now I no longer get "unknown protocol" when I run: curl https://www.survivehive.com (with or without --sslv3 option)

So there was some definite mis-configuration on my part.

Facebook still isn't playing well with me.
Top
   
Reply with quote  
hoopycat
PostPosted: Mon Aug 25, 2014 6:35 pm 
Offline
Senior Member
User avatar

Joined: Sat Aug 30, 2008 1:55 pm
Posts: 1739
Location: Rochester, New York
Umm, why do you have that in /etc/hosts at all? It exists in the DNS, so putting it in /etc/hosts can only lead to problems. (Such as this, perhaps.)

_________________
Code:
/* TODO: need to add signature to posts */
Top
   
Reply with quote  
survivehive
PostPosted: Mon Aug 25, 2014 6:42 pm 
Offline
Senior Newbie

Joined: Mon Aug 25, 2014 4:00 pm
Posts: 5
hoopycat wrote:
Umm, why do you have that in /etc/hosts at all? It exists in the DNS, so putting it in /etc/hosts can only lead to problems. (Such as this, perhaps.)


Because my interpretation of this guide told me to: https://www.linode.com/docs/getting-started

Quote:
Next, edit your /etc/hosts file to resemble the following example, replacing plato with your chosen hostname, example.com with your system’s domain name, and 12.34.56.78 with your system’s IP address. As with the hostname, the domain name part of your FQDN does not necesarily need to have any relationship to websites or other services hosted on the server (although it may if you wish). As an example, you might host “www.something.com” on your server, but the system’s FQDN might be “mars.somethingelse.com.”

/etc/hosts
Code:
127.0.0.1 localhost.localdomain localhost 
12.34.56.78 plato.example.com plato


So therefore I have a line that is:

Code:
198.58.109.241 www.survivehive.com hivecore


One thing I do know, is that commenting that line out causes the following when I attempt to CURL the page:

Code:
curl: (35) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number


Which looks awfully familiar to what Facebook reports, yet still I haven't found any solution.
Top
   
Reply with quote  
hoopycat
PostPosted: Mon Aug 25, 2014 7:09 pm 
Offline
Senior Member
User avatar

Joined: Sat Aug 30, 2008 1:55 pm
Posts: 1739
Location: Rochester, New York
The /etc/hosts entry is masking the problem you're having. I'm getting something like this when I try from home:

Code:
rtucker@racer-x:~$ curl https://www.survivehive.com/
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol


Indeed...

Code:
rtucker@racer-x:~$ curl http://www.survivehive.com:443/
<html><body><h1>It works!</h1>
<p>This is the default web page for this server.</p>
<p>The web server software is running but no content has been added, yet.</p>
</body></html>


What's your web server configuration look like? I suspect you're hard-coding it to only do SSL on 198.58.109.241 instead of all IPv4 and IPv6 addresses...

_________________
Code:
/* TODO: need to add signature to posts */
Top
   
Reply with quote  
survivehive
PostPosted: Mon Aug 25, 2014 7:14 pm 
Offline
Senior Newbie

Joined: Mon Aug 25, 2014 4:00 pm
Posts: 5
hoopycat wrote:
What's your web server configuration look like? I suspect you're hard-coding it to only do SSL on 198.58.109.241 instead of all IPv4 and IPv6 addresses...


Well now I feel like a fool. You're absolutely correct! I had the full IP:443 as opposed to *:443

After making that change, removing the line from /etc/hosts, and restarting apache, everything has come together. curl works, AND Facebook is happy!

Thanks dude.. I've been pulling my hair out over this.
Top
   
Reply with quote  
hoopycat
PostPosted: Mon Aug 25, 2014 7:47 pm 
Offline
Senior Member
User avatar

Joined: Sat Aug 30, 2008 1:55 pm
Posts: 1739
Location: Rochester, New York
No worries... it was a rather obscure problem. :-) Also, the error message curl gives isn't exactly clear either...

_________________
Code:
/* TODO: need to add signature to posts */
Top
   
Reply with quote  
Display posts from previous:  Sort by  
Post new topic  Reply to topic

Board index » Linux Community Forums » Web Servers and Web App Development


Who is online

Users browsing this forum: No registered users and 3 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
RSS

Powered by phpBB® Forum Software © phpBB Group