I just looked into it, this issue is only occuring on SSL enabled instances because of a change introduced by Gfycat.
Gfycat is no longer serving iframe content (in oEmbed) over secure connection (
HTTPS), hence SSL enabled Discourse instances are giving following error when trying to onebox Gfycat link:
Mixed Content: The page at 'https://meta.discourse.org/t/gyfcat-onebox-bug/35916/3' was loaded over HTTPS, but requested an insecure resource 'http://gfycat.com/ifr/FirsthandMeekAfricanaugurbuzzard'. This request has been blocked; the content must be served over HTTPS.
oEmbed URL: http://gfycat.com/cajax/oembed/FirsthandMeekAfricanaugurbuzzard
The proper fix for this is that Gfycat should be serving iframe over HTTPS. I will try to bring this issue in their notice.
The last option would be to create a custom Gfycat onebox, where I will have to force the Gfycat iframe URL to be served over HTTPS.