Alabaster Slim's Signature Images no longer working

Hardtarget

So this is damned odd and seems to be happening for anybody who has an old alabasterslim.com based steam sig. They no longer seem to load, whether in the body of a post or in the signature.

I'll take mine as a example, if you go to the direct link, it'll load fine: http://alabasterslim.com/76561197960696746/steam_sig.png
But if you try to embed it, nothing:


Any clues? I pinged him on Twitter and as far as he knows it should be all good

Unknown

This content has been removed.

Hardtarget

what the. nothing for me!

Sneaks

I don’t see it either, and I think that this might be a security certificate issue. If this “Alabaster Slim” site is signing its own certificate, Google Chrome will—by default—block a remote link. (If @Orca isn’t using Chrome, it might explain why they see it.)

That_Guy

I've been having the same problem for the last 6 months or so. It only seems to happen in Chrome. I don't get any sort of cert error on the website hosting the sig, just when it's trying to be displayed here.

Unknown

This content has been removed.

Hardtarget

Interesting. I've shot AlabasterSlim a message on Twitter, we'll see what he says!

Unknown

This content has been removed.

JaysonFour

Yeah, they're loading fine for me on Firefox.

This sounds like something on the Chrome side of things, I think.

Brolo

Mixed Content: The page at 'https://forums.penny-arcade.com/discussion/239666/alabaster-slims-signature-images-no-longer-working#latest' was loaded over HTTPS, but requested an insecure element 'http://alabasterslim.com/76561197960696746/steam_sig.png'. This request was automatically upgraded to HTTPS, For more information see https://blog.chromium.org/2019/10/no-more-mixed-messages-about-https.html

And then loading

https://alabasterslim.com/76561197960696746/steam_sig.png

returns:

NET::ERR_CERT_COMMON_NAME_INVALID

so the alabaster slim is not serving HTTPS in cross-domain contexts, and Chrome will try to force that connection. However the SSL Cert for Alabaster Slim is no longer valid, so Chrome aborts the transfer and errors out the request:

fetch("https://alabasterslim.com/76561198139993892/steam_sig.png", {
"referrer": "https://forums.penny-arcade.com/",
"referrerPolicy": "strict-origin-when-cross-origin",
"body": null,
"method": "GET",
"mode": "cors",
"credentials": "omit"
});

(FAILED) NET::ERR_CERT_COMMON_NAME_INVALID

you actually can force Chrome to load insecure sites with the following:

Option 2 – Prevent Warning
Click a blank section of the denial page.
Using your keyboard, type thisisunsafe. This will add the website to a safe list, where you should not be prompted again.

however that still returns a 500 series internal server error, it just looks like the Alabaster Slim service is not set up with HTTPS in mind

Suds

I finally looked into it. Spending the money for a SSL certificate, so hopefully that fixes it for people on Chromium.

Athenor

Suds wrote: »

I finally looked into it. Spending the money for a SSL certificate, so hopefully that fixes it for people on Chromium.

Any chance of using LetsEncrypt to save yourself some money?

Suds

Athenor wrote: »

Suds wrote: »

I finally looked into it. Spending the money for a SSL certificate, so hopefully that fixes it for people on Chromium.

Any chance of using LetsEncrypt to save yourself some money?

Super helpful! And easy to setup. Looks like it's working too.

Hardtarget

Suds wrote: »

Athenor wrote: »

Suds wrote: »

I finally looked into it. Spending the money for a SSL certificate, so hopefully that fixes it for people on Chromium.

Any chance of using LetsEncrypt to save yourself some money?

Super helpful! And easy to setup. Looks like it's working too.

success! That's fantastic