We developed a Facebook app for a website for a client. It was a simple app, all it did was publish a photo to Facebook pages. Everything worked perfectly on our development server.  We were happy and our client was happy.  Then we deployed to production and our troubles began.  Our client is using GoDaddy for their hosting and installed their free SSL certificate that came with thier hosting package.

Now anyone who’s worked with the Graph API has probably encounter the ever helpful “An unknown error has occurred.” error message.  What does this mean?  It means that something is wrong with your API call.  Isn’t that helpful?  No, it really isn’t.

I built out our API call using the Graph API Explorer and I was getting a different error.  Great!  Actually, this error was a bit more helpful.  This error was “(#324) Missing or invalid image file” so that told me it had to do with our image.  What could it be though?  I could take our image url and paste it in a browser and I could view the image just fine.  The only difference between development and production was that our images were coming from our backend API which had the SSL certificate on it.

At this point, I began searching without success for issues with the Graph API and https images.  Like any search you do for help with Facebook, the first several results are links to the Facebook developer site which, if you are reading this, you know the documentation there isn’t the greatest.  Still using the Graph API Explorer, I tried an image from my bank’s website.  It worked!  I tried using an image from a different secure website and it worked as well!  Awesome!  Then I put our secure image url back in and once again I got the “(#324) Missing or invalid image file” error.  OK, so it’s something with our SSL.

Since I was stuck at this point, I turned to the Facebook Developer group.  I explained our problem the best I could and included the links to our images on our server that we were getting the errors with. A few hours later I had a few replies and one stood out from all the others.  One particular person looked at our image, the domain and our SSL information.  He said our SSL is from Parallels Panel Certificate Authority, which is not generally trusted. Facebook (along with most web visitors to your secure URL) get as far as the invalid SSL certificate error message.  So what I imagine is happening is that Facebook attempts to get our image and there is a SSL certificate error message which then throws the Graph API error that there was a problem with the image.

I then did some searching about self-signed certificates and what they are.  The best explanation I found was here.  This explained everything and I learned much more about SSL certificates that I did before.

How did we eventually resolve our problem?  While we work with our client to get a new SSL, one from a trusted Certificate Authority, we found a work-around.  We duplicated our API subdomain onto a non-SSL subdomain and changed our Graph API post to Facebook with the image to use this API call instead.  Was this just a hack?  Yes.  Did it fix our issue?  Yes.  Is our client’s site now live and functioning properly? Yes.  Now that the site is up and running, we’re communicating with our client on a permanent SSL solution.