I just looked into it, this issue is only occuring on SSL enabled instances because of a change introduced by Gfycat.
Gfycat is no longer serving iframe content (in oEmbed) over secure connection (HTTPS), hence SSL enabled Discourse instances are giving following error when trying to onebox Gfycat link:
Mixed Content: The page at 'https://meta.discourse.org/t/gyfcat-onebox-bug/35916/3' was loaded over HTTPS, but requested an insecure resource 'http://gfycat.com/ifr/FirsthandMeekAfricanaugurbuzzard'. This request has been blocked; the content must be served over HTTPS.
oEmbed URL: http://gfycat.com/cajax/oembed/FirsthandMeekAfricanaugurbuzzard
The proper fix for this is that Gfycat should be serving iframe over HTTPS. I will try to bring this issue in their notice.
The last option would be to create a custom Gfycat onebox, where I will have to force the Gfycat iframe URL to be served over HTTPS.