Hi everyone,
This is my first time posting here. I have been searching in several forums to solve my problem and can’t seem to find the solution so I decided to make my own post.
I hope you can help me!
I am getting a “DEPTH_ZERO_SELF_SIGNED_CERT” error in my ghost production environment.
The situation is: I have my ghost environment installed in a linux server with this configuration:
{
"url": "https://blog.servername.com",
"server": {
"port": 2368,
"host": "0.0.0.0"
},
"database": {
"client": "mysql",
"connection": {
"host": "localhost",
"user": "ghost-137",
"password": "xxxxxx",
"database": "ghost_dev"
}
},
"mail": {
"transport": "Direct"
},
"logging": {
"transports": [
"file",
"stdout"
]
},
"process": "systemd",
"paths": {
"contentPath": "/var/www/ghost/content"
}
}
At the same time, I have a Nodejs express server in the same machine hosting a webpage. The webpage is calling the ghost API in the following manner:
const GhostContentAPI = require('@tryghost/content-api');
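// Content API client for the Ghost instance that runs on this same machine.
//
// The target is 127.0.0.1 rather than 0.0.0.0: 0.0.0.0 is the wildcard
// *listen* address, not a portable destination. Linux happens to route it
// to the local host; other platforms refuse the connection.
//
// NOTE(review): this is a plain-HTTP call, while the Ghost config on this
// page sets "url" to https://blog.servername.com. Ghost may answer requests
// it does not see as HTTPS (no X-Forwarded-Proto: https) with a redirect to
// an https:// address, and whatever answers there may present a certificate
// Node cannot validate. That is unconfirmed as the source of
// DEPTH_ZERO_SELF_SIGNED_CERT; pointing `url` at https://blog.servername.com,
// whose certificate matches the hostname, keeps verification meaningful.
//
// Setting NODE_TLS_REJECT_UNAUTHORIZED=0 is not a fix: it switches off
// certificate verification for every TLS connection this process makes.
const ghostApi = new GhostContentAPI({
  url: 'http://127.0.0.1:2368',
  key: 'xxxmykeyxxxx',
  version: 'v3',
});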
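/**
 * GET /blog: returns the three most recent Ghost posts as one HTML string.
 *
 * Each post is rendered by createBlogItem() and the fragments are
 * concatenated in the order Ghost returned them. If the lookup or the
 * rendering fails, the error is logged and the client receives a generic
 * 500. The original handler sent nothing on failure, so the request hung
 * until the client or proxy timed out.
 */
app.get('/blog', function (req, res) {
  ghostApi.posts
    .browse({ limit: 3, include: 'tags,authors' })
    .then((posts) => {
      // NOTE(review): createBlogItem is not shown here. It builds HTML from
      // post fields, so confirm it escapes titles, tag names and author
      // names before they reach the markup.
      const html = posts.reduce(
        (fragments, post) => fragments + createBlogItem(post),
        '',
      );
      return res.send(html);
    })
    .catch((err) => {
      console.log('ERROR!!!');
      console.error(err);
      // Details stay in the server log; the response carries no error
      // internals (TLS codes, internal hostnames, stack traces).
      if (!res.headersSent) {
        res.status(500).send('Unable to load blog posts.');
      }
    });
});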
The createBlogItem function is just wrapping the info into html tags.
Finally, I have an nginx reverse proxy with the following configuration for the 2 domains:
-
Servername:
# Backend pool for the Express site listening on local port 3000.
# The pool is deliberately named like the domain: the `proxy_pass
# http://servername.com/` lines below resolve to this upstream block,
# not to a DNS lookup of the public name.
upstream servername.com {
    server 127.0.0.1:3000;
    keepalive 8;
}

# HTTPS virtual host for the main site. TLS ends here; the hop to the
# backend is plain HTTP over loopback.
server {
    server_name servername.com www.servername.com;
    access_log /var/log/nginx/servername.com.access.log;
    error_log /var/log/nginx/servername.com.error.log;

    # pass the request to the node.js server with the correct headers
    # and much more can be added, see nginx config options
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # X-Forwarded-Proto is not forwarded in this location, so the backend
        # cannot tell from request headers that the client used HTTPS.
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        # Anti-framing header; it is declared inside this location only.
        add_header X-Frame-Options SAMEORIGIN always;
        proxy_pass http://servername.com/;
        proxy_redirect off;
    }

    # NOTE(review): this location repeats none of the proxy_set_header or
    # add_header lines above. Responses under /es/ therefore carry no
    # X-Frame-Options, and the backend does not receive the forwarded
    # client address for these requests. Confirm that is intended.
    location /es/ {
        proxy_pass http://servername.com/es/;
    }

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/servername.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/servername.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

# Port 80 virtual host: the two known hostnames are redirected to HTTPS,
# any other Host value falls through to the 404.
server {
    if ($host = servername.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = www.servername.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;
    server_name servername.com www.servername.com;
    return 404; # managed by Certbot
}
-
blog.servername:
# Backend pool for Ghost on local port 2368.
# NOTE(review): nothing below references this pool. The proxy_pass in
# `location /` targets http://127.0.0.1:2368/ literally, so `keepalive 8`
# has no effect as written.
upstream blog.servername.com {
    server 127.0.0.1:2368;
    keepalive 8;
}

# HTTPS virtual host for the blog. TLS ends here; Ghost is reached over
# plain HTTP on loopback.
# NOTE(review): the Ghost config shown on this page binds "host" to 0.0.0.0,
# so port 2368 also answers on every interface unless a firewall blocks it.
# Binding Ghost to 127.0.0.1 would make this proxy the only way in.
server {
    server_name blog.servername.com;
    access_log /var/log/nginx/blog.servername.com.access.log;
    error_log /var/log/nginx/blog.servername.com.error.log;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Passes the client-facing scheme (https on this vhost) to Ghost.
        # Requests that reach Ghost without passing through this block do
        # not carry the header.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        add_header X-Frame-Options SAMEORIGIN always;
        proxy_pass http://127.0.0.1:2368/;
        proxy_redirect off;
    }

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/blog.servername.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/blog.servername.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

# Port 80 virtual host: the blog hostname is redirected to HTTPS, any other
# Host value falls through to the 404.
server {
    if ($host = blog.servername.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;
    server_name blog.servername.com;
    return 404; # managed by Certbot
}
The first time I defined this environment all communication was working properly, but now that I have enabled the SSL certificates (generated by certbot) for the webpage and the blog, and forced https as the protocol for both, I get the DEPTH_ZERO_SELF_SIGNED_CERT error I mentioned above. I am going crazy: I have tried different NGINX configs, tried to disable certificate checking with
process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0"
in my node server, and many other things. But I can’t get the calls to the API to be executed correctly from the webpage.
If someone sees something I missed or knows how to help, I would very much appreciate it. Please let me know if you need any more info!
Thanks a lot