Error configuring SSL

My URL : ghost.anant1.net
OS: Ubuntu, v20.04.4 LTS
Node Version: v16.15.0
Ghost Version: 5.0.0
Ghost-CLI Version: 1.21.0
Environment: production
Command: ‘ghost setup ssl’

I have manually installed Ghost on a VPS, with MySQL and Nginx.
Setup is fine and I can access my page, but I cannot set up SSL.
Would much appreciate the help. I am just starting with self-hosting and have already pushed my limits to get here!

Below is the error log:

Message: Command failed: /bin/sh -c sudo -S -p '#node-sudo-passwd#'  /etc/letsencrypt/acme.sh --issue --home /etc/letsencrypt --server letsencrypt --domain ghost.anant1.net --webroot /home/anant1/ghost/system/nginx-root --reloadcmd "nginx -s reload" --accountemail abargel@mailbox.org
[Tue May 24 13:36:29 UTC 2022] ghost.anant1.net:Verify error:199.241.137.220: Invalid response from http://ghost.anant1.net/.well-known/acme-challenge/gyfc1yfhiwaptkyeuvavjua5ly-zns_nwy-7o53ovkw/: 404
[Tue May 24 13:36:29 UTC 2022] Please add '--debug' or '--log' to check more details.
[Tue May 24 13:36:29 UTC 2022] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh

[Tue May 24 13:36:24 UTC 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Tue May 24 13:36:24 UTC 2022] Single domain='ghost.anant1.net'
[Tue May 24 13:36:24 UTC 2022] Getting domain auth token for each domain
[Tue May 24 13:36:26 UTC 2022] Getting webroot for domain='ghost.anant1.net'
[Tue May 24 13:36:26 UTC 2022] Verifying: ghost.anant1.net
[Tue May 24 13:36:26 UTC 2022] Pending, The CA is processing your order, please just wait. (1/30)

Exit code: 1

--------------- stdout ---------------
[Tue May 24 13:36:24 UTC 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Tue May 24 13:36:24 UTC 2022] Single domain='ghost.anant1.net'
[Tue May 24 13:36:24 UTC 2022] Getting domain auth token for each domain
[Tue May 24 13:36:26 UTC 2022] Getting webroot for domain='ghost.anant1.net'
[Tue May 24 13:36:26 UTC 2022] Verifying: ghost.anant1.net
[Tue May 24 13:36:26 UTC 2022] Pending, The CA is processing your order, please just wait. (1/30)


--------------- stderr ---------------
[Tue May 24 13:36:29 UTC 2022] ghost.anant1.net:Verify error:199.241.137.220: Invalid response from http://ghost.anant1.net/.well-known/acme-challenge/gyfc1yfhiwaptkyeuvavjua5ly-zns_nwy-7o53ovkw/: 404
[Tue May 24 13:36:29 UTC 2022] Please add '--debug' or '--log' to check more details.
[Tue May 24 13:36:29 UTC 2022] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh 

It means the CA (zerossl) is busy at the moment. I believe you can configure ACME to use letsencrypt instead.

Hm, sorry if I sound stupid, but I thought I was using letsencrypt…

If not, could you please point me in the right direction to fix it? As I said, I’m a bit of a noob…

What I wrote isn’t strictly correct. If it’s a new certificate it’ll come from ZeroSSL by default. However, certificates issued before August 2021 will continue to use Let’s Encrypt.

Ghost uses ACME to issue an SSL certificate. The default CA changed last year.

It says this on line 6, so am I not already on Let’s Encrypt? Certificate is new (today).

Otherwise, from the page you linked, where could I use this server parameter? Since I am only typing “ghost setup ssl”.

Thanks again!

That’s where the ACME server is located. To use the --server parameter you’ll have to manually issue the certificate.

Just try ghost setup ssl again as the CA may be available now.

No luck, same error.

Hm, that leaves me a bit stuck. :(

Try manually… you already posted the command!


/etc/letsencrypt/acme.sh --server letsencrypt --issue --home /etc/letsencrypt --server letsencrypt --domain ghost.anant1.net --webroot /home/anant1/ghost/system/nginx-root --reloadcmd "nginx -s reload" --accountemail abargel@mailbox.org

Oh, right… So, I just tried, and it got rid of the initial “command fail” message, but still, I get this:

root@anant1:/home/anant1/ghost# /etc/letsencrypt/acme.sh --server letsencrypt --issue --home /etc/letsencrypt --server letsencrypt --domain ghost.anant1.net --webroot /home/anant1/ghost/system/nginx-root --reloadcmd "nginx -s reload" --accountemail abargel@mailbox.org
[Tue May 24 19:36:14 UTC 2022] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Tue May 24 19:36:14 UTC 2022] Single domain='ghost.anant1.net'
[Tue May 24 19:36:14 UTC 2022] Getting domain auth token for each domain
[Tue May 24 19:36:15 UTC 2022] Getting webroot for domain='ghost.anant1.net'
[Tue May 24 19:36:15 UTC 2022] Verifying: ghost.anant1.net
[Tue May 24 19:36:16 UTC 2022] Pending, The CA is processing your order, please just wait. (1/30)
[Tue May 24 19:36:20 UTC 2022] ghost.anant1.net:Verify error:199.241.137.220: Invalid response from http://ghost.anant1.net/.well-known/acme-challenge/i3a54hWo2TA107lMlPgSODagsDzenXtQ5HGUd1zRSQc: 502
[Tue May 24 19:36:20 UTC 2022] Please add '--debug' or '--log' to check more details.
[Tue May 24 19:36:20 UTC 2022] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh

Your site isn’t available: 502 bad gateway. Is Ghost running?

Oh, you’re right. It was available this afternoon, when I posted the question.
I ran “ghost setup” again just now, ghost is indeed running, but I get 502 also for the ghost admin page.

Well, I guess I am going to start over. Apparently, I have reverse proxy issues for not setting things up in the right order at the beginning. Thank you for helping!! :grinning:

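
Added example, not part of the thread and not Ghost-CLI or acme.sh code: a preflight for the `--webroot` validation used above. It reads the HTTP status out of an acme.sh "Verify error" line and can fetch a throwaway file from the webroot the way the CA would, which separates a challenge path that nginx is not serving from that directory (404) from a proxied request whose backend is down (502). The function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example (assumptions: curl is installed, nginx serves the domain on port 80).

# Pull the HTTP status out of an acme.sh "Verify error" log line; prints nothing if absent.
verify_status() {
    printf '%s\n' "$1" |
        sed -n 's/.*Verify error:.*Invalid response from .*: \([0-9][0-9][0-9]\)$/\1/p'
}

# Map the status seen on the challenge URL to where the request ended up.
classify_status() {
    case "$1" in
        200)         echo "served" ;;          # file came back from the webroot
        404)         echo "not-in-webroot" ;;  # a server answered, but not from this directory
        502|503|504) echo "upstream-down" ;;   # request was proxied and the backend did not answer
        000|"")      echo "unreachable" ;;     # curl could not connect at all
        *)           echo "other" ;;
    esac
}

# Write a throwaway file under the webroot and fetch it over plain HTTP,
# following redirects, as an HTTP-01 validation request would.
probe_webroot() {
    domain=$1; webroot=$2
    dir="$webroot/.well-known/acme-challenge"
    name="preflight-$$"
    mkdir -p "$dir" && printf 'probe\n' > "$dir/$name" || return 2
    code=$(curl -sL -o /dev/null -w '%{http_code}' --max-time 10 \
        "http://$domain/.well-known/acme-challenge/$name")
    rm -f "$dir/$name"
    echo "$code"
}

# Usage: sh preflight.sh <domain> <webroot>   (script name is hypothetical)
if [ "$#" -eq 2 ]; then
    code=$(probe_webroot "$1" "$2") || { echo "cannot write to $2" >&2; exit 2; }
    echo "HTTP $code -> $(classify_status "$code")"
    [ "$code" = 200 ]
fi
```

Run it with the same domain and `--webroot` path that acme.sh is given; anything other than `served` will fail certificate issuance the same way.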