That's a good point. I had not considered the certs, but that could indeed be the problem if your CA lists aren't up to date. This wouldn't have anything to do with *your* cert, but if your authority list doesn't include the authority that FB's cert is signed by, and you happen to be using the curl module for http, then curl will fail the certificate verification. I just never considered an out-of-date CA list, but that is quite probable in fact, on some hosting services.
Try the code I just committed to trunk. I added the sslverify=false flag to make it ignore the certificate verification. This is technically less secure, but it will at least let it work if your installation's CA list isn't up-to-date:
Note: trunk has been heavily altered to deal with the OAuth2 migration, so you'll need to update practically all of the PHP files, and I haven't fully got the comments module working again yet. Sorry. It'll be working in a week or so, because OAuth2 is being forced on all users by October 1st and I've gotta get this update out the door. If it makes you feel any better, I'm running this very same code on my own sites, live, to iron out the issues with it.