Fetch failed to start on Google Font requests

[etcook]

I'm getting the following error regularly in my logs:

2015/04/01 14:35:07 [warn] 9#0: [ngx_pagespeed 1.9.32.3-4448] Fetch failed to start: https://fonts.googleapis.com/css?family=Merriweather:400,700,900,300

That's the only url that it seems to have an issue with. Are there any recommendations for troubleshooting?

[oschaaf]

@etcook Do you have native fetching on?

[etcook]

@oschaaf my pagespeed configuration is the following:

    pagespeed on;
    pagespeed FileCachePath /var/ngx_pagespeed_cache;
    pagespeed RewriteLevel CoreFilters;
    pagespeed EnableFilters make_google_analytics_async;
    pagespeed EnableFilters canonicalize_javascript_libraries;
    pagespeed EnableFilters collapse_whitespace;
    pagespeed EnableFilters combine_heads;
    pagespeed EnableFilters dedup_inlined_images;
    pagespeed EnableFilters defer_javascript;
    pagespeed EnableFilters elide_attributes;
    pagespeed EnableFilters inline_import_to_link;
    pagespeed EnableFilters inline_google_font_css;
    pagespeed EnableFilters inline_preview_images;
    pagespeed EnableFilters lazyload_images;
    pagespeed EnableFilters local_storage_cache;
    pagespeed EnableFilters remove_quotes;
    pagespeed EnableFilters in_place_optimize_for_browser;
    # pagespeed EnableFilters sprite_images;
    pagespeed EnableFilters insert_image_dimensions;
    pagespeed EnableFilters move_css_above_scripts;
    pagespeed EnableFilters move_css_to_head;
    # pagespeed EnableFilters insert_dns_prefetch;
    pagespeed EnableFilters prioritize_critical_css;
    pagespeed EnableFilters remove_comments;

I do not have pagespeed UseNativeFetcher on; set

[oschaaf]

@etcook Thanks. I missed the fact that you are getting this error for a https url. You might want to enable https support, which should help with getting rid of the warning: https://developers.google.com/speed/pagespeed/module/https_support

[etcook]

@oschaaf Let me get that configured right now, thanks. Our entire site is https - would that really be the only asset it's trying to fetch over https?

[etcook]

@oschaaf I added domain mapping for fonts.googleapis.com - thank you so much.

[etcook]

@oschaaf I thought I had it, but no luck.

Was this not the right way to handle it? I put this in the server block:

    pagespeed MapOriginDomain "http://fonts.googleapis.com/" "https://fonts.googleapis.com/";

[jeffkaufman]

Can you turn on HTTPS Fetching? https://developers.google.com/speed/pagespeed/module/https_support#https_fetch

pagespeed FetchHttps enable;

[etcook]

@jeffkaufman It is now resolved. Is fetchhttps required for maporigin to work?

[jeffkaufman]

MapOriginDomain probably didn't work here because Google Fonts is HTTPS only.

Which means https://developers.google.com/speed/pagespeed/module/filter-css-inline-google-fonts should be telling people to turn on FetchHttps. I'll do that.

[etcook]

@jeffkaufman Why does this work?

http://fonts.googleapis.com/css?family=Merriweather:400,700,900,300

[jeffkaufman]

Hmm, I'm not sure why. @morlovich can you look at this? Why do we need FetchHttps and not MapOriginDomain here?

[etcook]

Note, the inline injected CSS from the inline_google_font_css filter seems to output the http proto variant, regardless of whether you have https enabled or not.

[jeffkaufman]

seems to output the http proto variant, regardless of whether you have https enabled or not.

Does this give you a mixed content warning then?

[etcook]

@jeffkaufman Unfortunately, yes.

[jeffkaufman]

@etcook Is the mixed content problem with FetchHttps or just MapOriginDomain?

[etcook]

@jeffkaufman I'm no longer using MapOriginDomain.

[jeffkaufman]

@etcook ok, just checking.

I'll need to set up a test site.

[islamx]

Hi,

Sorry for the basic question, Please where i should be put the pages-peed configuration?

Should this change made by hosting provider through administration?

[jeffkaufman]

@islamx With questions the best thing to do is to write to https://groups.google.com/forum/#!forum/ngx-pagespeed-discuss This thread here is for discussing a bug, and it seems like you're having an unrelated problem.

[clandestino52]

Hello,

I think this issue is still not resolved.

When I enable https fetching, ModPagespeedFetchHttps enable,allow_self_signed,allow_unknown_certificate_authority,allow_certificate_not_yet_valid

I have this error

Fetch failed to start: https://fonts.googleapis.com/css?family=Montserrat&display=swap [https://fonts.googleapis.com/css?family=Montserrat&display=swap:0] serf_context_run error status=20014 (Internal error (specific information not available))

If I disable https fetching the font inlining works.

Version: 1.13.35.2-0

[Lofesa]

@clandestino52 Have you set the certificates? if you enable ModPagespeedFetchHttps you need to set ModPagespeedSslCertDirectory and ModPagespeedSslCertFile https://www.modpagespeed.com/doc/https_support#configuring_ssl_certificates

Think in pagespeed fetching a url as a brownser doing the same, for ssl the brownser need CA certificates.

[clandestino52]

Yes of course I did. But not sure if it's correct. Https fetching seem correct for domain pages except for google fonts.

ModPagespeedSslCertDirectory "/etc/pki/tls/private" ModPagespeedSslCertFile private-certificate.key

/etc/pki/tls/private is the directory where private-certificate.key file exist.

private-certificate.key is our domain private key.

[Lofesa]

I think is not correct. You have pki in your path, so maybe is a redhat/centos distro, so the directives must be:

ModPagespeedSslCertDirectory /etc/pki/tls/certs
ModPagespeedSslCertFile /etc/pki/tls/cert.pem

and the cert.pem is a link to /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

As you can see this file is a CA bundle, not the certificates for your server.

[clandestino52]

Thank you Lofesa. It works !

I thought that the certificate must be my SSL domain certificate.