fails to fetch some https URLs #12

willnorris opened this Issue Feb 26, 2013 · 12 comments


3 participants

When attempting to login using IndieAuth states that it couldn't find any rel="me" links (example). The links are there, as doing discovery on works just fine (example).

I suspect that the problem is that I'm using SSL with SNI. Based on this stackoverflow discussion, it seems that a little extra work is necessary to have ruby support SNI.

@aaronpk did you change anything on the server? It doesn't look like you've made any code changes since I filed this issue, but things seem to work fine now.


aaronpk commented Mar 18, 2013

I didn't, actually... Did you update any SSL config stuff on your server?

nope, haven't touched anything on my end either. After trying a few other things, it looks like perhaps my webhost restarted the apache server and I just lucked out and now my cert is the first one listed, so it's being served by default. Trying my wife's site results in the same error I was seeing before.j

So my personal immediate itch is scratched... at least until the next server reboot :)


aaronpk commented Jun 18, 2013

Looked at the server logs, it's getting this error from OpenSSL:

"SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed"


aaronpk commented Jun 18, 2013

Fixed this by installing an updated cert file. It was probably using the default system one before, now it's pushed up and included in the IndieAuth source code. The one I grabbed was from here:

This is the main StackOverflow thread that led me to this:


aaronpk commented Jun 18, 2013

Fixed in 4b9ae70

aaronpk closed this Jun 18, 2013

As of this morning I am having the same problem (

Everything has worked fine for months, until today. I have verified that my certificate is current, and was last changed when I renewed it in August. I am pretty sure the root cert (Comodo) is part of the standard bundle shipped with Windows, Firefox, etc.

aaronpk reopened this Dec 2, 2013

the fact that is even showing up as a candidate identity means you're probably not running into the same SSL issue. However, indieauth certainly seems to be having issues verifying the backlinks from Twitter (as well as Google+ and the only identity it seems to be confirming for me is GitHub and email:

hmm.. seems not to allow for https links for verified domains. That would explain why that backlink won't work. I'll ping folks about that.

Confirmed: works but fails.

Thanks for the work-around, Will.

just FYI, now supports https rel=me links:


aaronpk commented Apr 4, 2014


Also, to update this thread, I've moved to a new server with a much better list of root CAs, so we shouldn't have trouble with SSL certs anymore!

I'll close this thread, if anyone still encounters errors where is not able to read your site feel free to re-open.

aaronpk closed this Apr 4, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment