lgerard

Reputation: 117

SSL Certificate error on Facebook Android App Only

I'm using a Gandi SSL certificate on my subdomain and it's working just fine, except when the website is accessed through the Facebook Android app, where I get a security error.

I've double-checked with SSLShopper and Qualys SSL Labs; neither reported any issue with the chain.

Website URL is https://tickets.shotguntheapp.com/events/5569 and it can be accessed through Facebook by clicking "Tickets available" here

Any clue where the issue could come from?

*******Solved issues******

  1. The first issue was a missing certificate in the chain, as Anand explained very well.
  2. The second issue was in my Heroku certs:update command. If you run heroku certs, you might see two certificates, of type SNI and Endpoint. Both have to be updated!

Upvotes: 0

Views: 1989

Answers (1)

Anand Bhat

Reputation: 5819

If you look at the Certification Paths section of SSL Labs, you will see that there are two trust paths.

SSL Labs report

While you are sending an intermediate certificate that establishes trust for the first path, that particular root (Gandi Standard SSL CA 2 -- SHA1: 2b8f1b57330dbba2d07a6c51f70ee90ddab9ad8e) was only added in Android 5.1. You haven't specified the version of Android you're seeing this error on and I'm assuming it is something before 5.1.

You will need to send another intermediate cert (USERTrust RSA Certification Authority -- SHA1: eab040689a0d805b5d6fd654fc168cff00b78be3) to complete the second certification path. You can obtain the correct set of both intermediate chains, in the right order, from What's My Chain Cert?

Upvotes: 1
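
The two-trust-path situation from this answer can be reproduced offline with openssl. This is an added example, not part of the original question or answer: it builds a throwaway PKI whose names (Old Root, New Root, cross.pem, chain_short.pem, chain_full.pem) are assumed placeholders, then checks the same leaf against a client that trusts only the older root and one that trusts the newer root.

```bash
#!/usr/bin/env bash
# Added example: constructed throwaway PKI. "Old Root", "New Root" and the file
# names are placeholders, not the real CA certificates named in the answer.

# build_pki DIR: two roots, a cross-certificate, an intermediate and a leaf.
# cross.pem carries New Root's name and key but is signed by Old Root.
build_pki() (
  cd "$1" || exit 1
  printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
  printf 'basicConstraints=CA:FALSE\n' > leaf.ext
  mk() {   # mk NAME CN: private key plus certificate request
    openssl genrsa -out "$1.key" 2048 2>/dev/null &&
    openssl req -new -sha256 -key "$1.key" -subj "/CN=$2" -out "$1.csr"
  }
  selfsign() {   # selfsign NAME: self-signed root certificate
    openssl x509 -req -sha256 -days 2 -in "$1.csr" -signkey "$1.key" \
      -extfile ca.ext -out "$1.pem" 2>/dev/null
  }
  sign() {   # sign SUBJECT ISSUER SERIAL EXTFILE OUTFILE
    openssl x509 -req -sha256 -days 2 -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" \
      -set_serial "$3" -extfile "$4" -out "$5" 2>/dev/null
  }
  mk oldroot "Old Root" && mk newroot "New Root" &&
  mk inter "Intermediate CA" && mk leaf "www.example.test" &&
  selfsign oldroot && selfsign newroot &&
  sign newroot oldroot 2 ca.ext cross.pem &&
  sign inter newroot 3 ca.ext inter.pem &&
  sign leaf inter 4 leaf.ext leaf.pem &&
  cat inter.pem > chain_short.pem &&          # intermediate only
  cat inter.pem cross.pem > chain_full.pem    # plus the extra intermediate
)

# chain_ok TRUSTSTORE SENT_CHAIN LEAF: true if a path to a trusted root exists.
chain_ok() {
  openssl verify -CAfile "$1" -untrusted "$2" "$3" 2>/dev/null | grep -q ': OK'
}

d=$(mktemp -d) && build_pki "$d"
for store in oldroot newroot; do
  for sent in chain_short chain_full; do
    if chain_ok "$d/$store.pem" "$d/$sent.pem" "$d/leaf.pem"; then r=accepted; else r=rejected; fi
    echo "client trusts $store, server sends $sent: $r"
  done
done
```

Against a live host, `openssl s_client -connect HOST:443 -servername HOST -showcerts` prints the certificates the server actually sends, which is the list to compare against the older trust store.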
