Introduction
This is a short story about why my Facebook share button wasn’t working correctly and how I found the cause: “Can’t validate SSL Certificate. Either it is self-signed or it is invalid.”, which is also called Curl Error: 60 SSL_CACERT.
Story
Recently, I finally decided to fix my Facebook share button. I thought that the solution was simple – place Facebook’s meta information inside the <head> tag, and it should work immediately. However, after adding the necessary meta tags, I still wasn’t able to share any content on Facebook.
I wasn’t able to share any text or image of my article on Facebook. That’s when I realized that the issue lay somewhere else.
After googling for a few minutes, I found the Open Graph Object Debugger on Facebook, which helped me to identify my issue. The Object Debugger test led me to this – “Can’t validate SSL Certificate. Either it is self-signed (which will cause browser warnings) or it is invalid.”
After googling for a few minutes, I found some ideas at StackOverflow on why my SSL certificate isn’t working correctly.
The first possible cause that I found was this: my server wasn’t providing an intermediate certificate in the TLS handshake as it should. One of the easiest ways to check if that’s true is to run the SSL Labs test. However, the SSL Labs test didn’t show me any major problems. That’s when I came back to StackOverflow to dive deeper.
Again, after a few minutes, I found another answer that could potentially solve my issue. The answer suggested that my server didn’t include the chain crt, which is absolutely necessary for Facebook’s Open Graph.
There is a great test to check if your server is missing the chain crt. You can find it here – whatsmychaincert.com.
How to Add a Chain CRT to Your Server?
It all depends on your situation. If you are on shared hosting and you don’t have SSH access to your server, then you must contact your hosting provider – they must solve it for you. However, if you have a VPS or a dedicated server with Ubuntu, then I have written a short guide on how to do this. Check this out.
Log in to your server over SSH and find your website’s Apache or nginx configuration file. Mine is here: /etc/apache2/sites-available/victorlava-com.conf.

    cd /etc/apache2/sites-available
    nano victorlava-com.conf

Then head to whatsmychaincert.com, enter your website’s URL and download the chain crt. Then get the contents of this file with cat, copy the content and paste it into a file on your server where you store your SSL certificates. I store them at /etc/apache2/ssl/.
After that, come back to whatsmychaincert.com, scroll down a little bit more and find the section that generates configuration files for the SSL certificate. Choose your web server; mine is Apache. Code for the Apache web server looks something like this:

    SSLEngine on
    SSLCertificateKeyFile /path/to/example.com.key
    SSLCertificateFile /path/to/example.com.crt
    SSLCertificateChainFile /path/to/example.com.chain.crt

Edit the path to where you have placed your SSL key, crt and chain crt files. After this it will look something like this:

    SSLEngine on
    SSLCertificateKeyFile /etc/apache2/ssl/victorlava.com.key
    SSLCertificateFile /etc/apache2/ssl/victorlava.com.crt
    SSLCertificateChainFile /etc/apache2/ssl/victorlava.com.chain.crt

The final result looks something like this in my .conf file:

    <IfModule mod_ssl.c>
        <VirtualHost *:80>
            ServerName www.victorlava.com
            Redirect permanent / https://victorlava.com/
        </VirtualHost>

        <VirtualHost _default_:443>
            ServerAdmin admin@victorlava.com
            ServerName victorlava.com
            ServerAlias www.victorlava.com
            DocumentRoot /srv/user/oblivion/www/victorlava.com

            <Directory /srv/user/oblivion/www/victorlava.com/>
                Options Indexes FollowSymLinks
                AllowOverride All
                Require all granted
            </Directory>

            SSLEngine on
            SSLCertificateKeyFile /etc/apache2/ssl/victorlava-com.key
            SSLCertificateFile /etc/apache2/ssl/victorlava-com.crt
            SSLCertificateChainFile /etc/apache2/ssl/victorlava-com.chain.crt

            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined

            <IfModule mod_dir.c>
                DirectoryIndex index.php index.pl index.cgi index.html index.xhtml index.htm
            </IfModule>
        </VirtualHost>
    </IfModule>

Save the file and restart your Apache web server:
sudo service apache2 restart
Come back to whatsmychaincert.com and check if it validates now. If it validates then check the status at Facebook’s Open Graph Object Debugger – if you have any remaining issues, fix them and you should be good.
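
The same check can be made from the command line. The script below is an added example, not part of the original post: it classifies the "Certificate chain" listing that openssl s_client prints, so you can see whether the server sends only its own certificate or the intermediate as well. The function name chain_status and the sample listings are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. chain_status is a hypothetical
# helper: it reads openssl s_client output on stdin and classifies the
# "Certificate chain" listing (the " N s:subject" / "   i:issuer" lines).
# Live use (replace example.com with your own host name):
#   openssl s_client -connect example.com:443 -servername example.com \
#     -showcerts </dev/null 2>/dev/null | chain_status
chain_status() {
  awk '
    BEGIN { n = 0 }
    /^ *[0-9]+ s:/ { sub(/^ *[0-9]+ s:/, ""); subj[n++] = $0; next }
    /^ +i:/        { sub(/^ +i:/, ""); if (n > 0) iss[n - 1] = $0 }
    END {
      if (n == 0) { print "no-certificates"; exit }
      # Every certificate must be issued by the next one the server sent.
      for (k = 0; k < n - 1; k++)
        if (iss[k] != subj[k + 1]) { print "broken-link-at-" k; exit }
      if (n > 1) { print "chain-sent:" n; exit }
      # Only the leaf was sent: self-signed, or the intermediate is missing.
      if (iss[0] == subj[0]) print "self-signed"
      else print "missing-intermediate"
    }'
}

# Constructed sample listings (not captured from a real server).
SAMPLE_LEAF_ONLY='Certificate chain
 0 s:CN = example.com
   i:C = XX, O = Example CA, CN = Example Intermediate'
SAMPLE_FULL_CHAIN='Certificate chain
 0 s:CN = example.com
   i:C = XX, O = Example CA, CN = Example Intermediate
 1 s:C = XX, O = Example CA, CN = Example Intermediate
   i:C = XX, O = Example CA, CN = Example Root'

# Before the chain file is configured, then after.
printf '%s\n' "$SAMPLE_LEAF_ONLY"  | chain_status
printf '%s\n' "$SAMPLE_FULL_CHAIN" | chain_status
```

A result of missing-intermediate is the state described in this post, where browsers may still work but stricter clients such as curl reject the certificate. On Apache 2.4.8 and later, SSLCertificateChainFile is deprecated and the intermediate certificates can instead be appended to the file named by SSLCertificateFile; either way the listing should show the leaf followed by its issuer.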