diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 66569561cb30166e2115691746e1f31076b1ad7f..1caaa20f7d6e48aea56892f15c57d86388f7748c 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -25,6 +25,7 @@ class ApplicationController < ActionController::Base
   rescue_from ActionController::InvalidAuthenticityToken, with: :unprocessable_entity
   rescue_from ActionController::UnknownFormat, with: :not_acceptable
   rescue_from Mastodon::NotPermittedError, with: :forbidden
+  rescue_from HTTP::Error, OpenSSL::SSL::SSLError, with: :internal_server_error
 
   before_action :store_current_location, except: :raise_not_found, unless: :devise_controller?
   before_action :require_functional!, if: :user_signed_in?
@@ -95,6 +96,10 @@ class ApplicationController < ActionController::Base
     respond_with_error(406)
   end
 
+  def internal_server_error
+    respond_with_error(500)
+  end
+
   def single_user_mode?
     @single_user_mode ||= Rails.configuration.x.single_user_mode && Account.where('id > 0').exists?
   end
diff --git a/app/controllers/media_proxy_controller.rb b/app/controllers/media_proxy_controller.rb
index 8da6c6fe0c908c076c01da1dc12cfbe8b298ee92..558cd6e301f348720c9d1701fce184d1f3ef88a1 100644
--- a/app/controllers/media_proxy_controller.rb
+++ b/app/controllers/media_proxy_controller.rb
@@ -7,6 +7,8 @@ class MediaProxyController < ApplicationController
 
   before_action :authenticate_user!, if: :whitelist_mode?
 
+  rescue_from ActiveRecord::RecordInvalid, with: :not_found
+
   def show
     RedisLock.acquire(lock_options) do |lock|
       if lock.acquired?