Amazon ad widgets cannot source images by https

So in the process of moving my blog to https (thanks for the 1 year free certificate siteground) I have not been able to resolve the mixed-content warnings from Chrome using some of the Amazon Associates shopping widgets.

Even though the page is indeed coming from a https: URL, and the javascript that loads the ads widgets is loading over https: from amazon, the images for the dynamically created ad widget will only load over http URLs. This means that Chrome raises a mixed content warning, and removes the green padlock from the URL bar.

All attempts to resolve this via help channels at Amazon have so far failed.

Users have been complaining about this problem for several years now.

This is my plea for help !

Symptom

The green padlock goes away after the page loads 😦

The Chrome browser console has several errors like this;

Mixed Content: The page at 'https://rosacea-support.org/favourite-over-the-counter-treatments.html' was loaded over HTTPS, but requested an insecure image 'http://ecx.images-amazon.com/images/I/41zNnYmDysL._AC_SL115_.jpg'. This content should also be served over HTTPS.

So here is the actual problem – the code generated by the javascript loads

http://ecx.images-amazon.com/images/I/41zNnYmDysL._AC_SL115_.jpg

instead of

https://ecx.images-amazon.com/images/I/41zNnYmDysL._AC_SL115_.jpg

Web Site Code

Here is the block of javascript that loads the widget

amzn_assoc_placement = "adunit0";
amzn_assoc_enable_interest_ads = "true";
amzn_assoc_tracking_id = "PRIVATE";
amzn_assoc_ad_mode = "auto";
amzn_assoc_ad_type = "smart";
amzn_assoc_marketplace = "amazon";
amzn_assoc_region = "US";
amzn_assoc_linkid = "6b455ae8e40389f961f7ba9651e96dae";
amzn_assoc_emphasize_categories = "51569011,2619525011,2617941011,165796011,3760911,1000,13900861,5088769011,2238192011,16310101,3760901,1055398,3367581,284507,599858,1064954,2972638011,2619533011,672123011,3375251,228013,165793011,377110011";
amzn_assoc_fallback_mode = {"type":"search","value":"rosacea"};
amzn_assoc_default_category = "All";

//z-na.amazon-adsystem.com/widgets/onejs?MarketPlace=US

You can see the script is sourced as // which means that the URL that Chrome uses to load the script will take either http or https from the browser session that the current user is loading the page with.

The widget does work, the ad block is displayed.

but at the expense of the errors and losing the reassuring green padlock.

C’mon amazon, please fix this.

 

Using free LetsEncrypt https SSL on Bitnami LAMP on EC2

If you want to try out the new free SSL certificate using LetsEncrypt for a web site hosted on Bitnami LAMP Stack on Amazon EC2, here is how I did it.

First of all I’m using a very simple apache install on bitnami, so the default bitnami supplied scripts to configure apache2 and mysql and php are all still there in the default location.

Webroot installation

I decided to try to do a “webroot” installation of letsencrypt because I didn’t really understand the alternatives. Turns out that the webroot installation was the best choice for me.

This install option uses the webroot area to create a temporary html file that the installation script can then see externally via a web request – proving that this really is the location of the host name you are asking for.

Multiple Host Names

You can create multiple secure names in one certificate file. I chose to create 2. Both work fine even without any apache vhost configuration active – just the incoming URL from the browser matching the hostname in the certificate is enough to go green in the address bar.

The name of the certificate files created by letsencrypt is based on the first hostname in the list  on the command line.

Here you can see the certificate name for both of the domains I created.

 

Installation

Install Letsencrypt scripts

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto certonly -w /home/bitnami/htdocs -d ses.rosacea-support.org -d sandbox.pascoe.biz

-w is where your webroot is located and the multiple -d flags are for the domains that you want to secure.

The cert files are written to /etc/letsencypt/live

Update Apache to use the new certificates

sudo vim /home/bitnami/stack/apache2/conf/bitnami/bitnami.conf

Comment out the default SSL Certificate lines so that you are left with the following 3 lines.

SSLCertificateFile "/etc/letsencrypt/live/ses.rosacea-support.org/cert.pem"
SSLCertificateKeyFile "/etc/letsencrypt/live/ses.rosacea-support.org/privkey.pem"
SSLCertificateChainFile "/etc/letsencrypt/live/ses.rosacea-support.org/fullchain.pem"

Restart the LAMP stack.

sudo /opt/bitnami/ctlscript.sh restart

Voila!

Now you ought to be able to see a green https padlock !

Keep Updating.

The certificate needs to be updated every 90 days to remain valid. So keep hold of the command you used to generate the certificates as you will currently have to return every 3 months to refresh the certs. Hence this blog post – I’m keeping my command here ready for a refresh !

I’m assuming that the old certs will be moved aside and the symbolic links in /etc/letsencrypt/live will be updated to automatically use the new refreshed certs. Will wait and see. Might also need to “git pull” updates to letsencrypt before I start in 3 months time too.

[update:] Here is a page on what commands I used to update my letsencrypt certificates – LETSENCRYPT SSL CERTIFICATE RENEWAL COMMAND

More info on LetsEncrypt – https://letsencrypt.org/

 

 

Removing stuck CD/DVD in Dell XPS 2710

I inserted a CD into my drive in my Dell XPS 2710 that has been upgraded to Windows 10 and it was of an unknown format and would not eject.

Symptoms

• Using the keyboard combination Fn + Eject
• Using Eject Menu item from Explorer was absent
• Using Eject from any windows program failed
• Explorer shows desktop.ini and whirs the CD drive every few moments forever.
• Proximity eject “soft” button at the bottom right of the screen ignored.

So there was only one thing for it. Take the back off, remove the CD/DVD/BluRay drive and extract the disk.

Thankfully I was inspired by how easy this would be by this video

 

The drive has 4 screws and a ribbon cable with connector and it is out. Next remove 4 small screws on the back of the drive casing and you can pop the disk out.

All done. Just 10 minutes.

The disk was not `finalised’ so I think it was just invalid and the combination of Windows 10 and the drivers meant that all the eject options failed.

The disk does not read in Windows 7 machine either, but at least there Explorer still has the eject option available from the right mouse click.