How was Ghost installed and configured? DigitalOcean 1 click install
What Node version, database, OS & browser are you using? npm 8.15.0, node 16.17.0, Mac, Chrome
What errors or information do you see in the console?
The issue I’m having is that during the Ghost 1 click install it always fails when it gets to the SSL set up with the following.
✖ Setting up SSL
+ sudo mv /tmp/mywebsite-com/ghost_mywebsite-com.service /lib/systemd/system/ghost_mywebsite-com.service
+ sudo systemctl daemon-reload
✔ Setting up Systemd
+ sudo systemctl is-active ghost_mywebsite-com
+ sudo systemctl start ghost_mywebsite-com
+ sudo systemctl is-enabled ghost_mywebsite-com
+ sudo systemctl enable ghost_mywebsite-com --quiet
✔ Starting Ghost
One or more errors occurred.
1) CliError
Message: Failed to restart Nginx.
Debug Information:
OS: Ubuntu, v22.04.1 LTS
Node Version: v16.17.0
Ghost Version: 5.53.1
Ghost-CLI Version: 1.24.0
Environment: production
Command: 'ghost install --auto --db=mysql --dbhost=localhost --dbport=3306 --dbname=ghost_production --dbuser=root --dbpass=REMOVED_PASS --dir=/var/www/ghost --start'
Additional log info available in: /home/ghost-mgr/.ghost/logs/ghost-cli-debug-2023-06-27T09_18_12_583Z.log
Try running ghost doctor to check your system for known issues.
You can always refer to ghost.org/docs/ghost-cli/ for troubleshooting.
Job for nginx.service failed because the control process exited with error code.
See "systemctl status nginx.service" and "journalctl -xeu nginx.service" for details.
I’ve set up one site from scratch without any issues. I’m now trying to set up a second but I’m running into an issue and searching I cannot find anything to help. The only differences with this config are that I’m using Cloudflare instead of Namecheap for hosting and that for this site I trialed Ghost Pro before deleting everything and starting again. I did configure it with a custom domain before removing and deleting the connection.
I’ve run ghost doctor but it wasn’t much help. Previously it was failing on the nginx step but I’m now getting past that. The only post that I can find that gives me a clue to what’s happening is this.
The folder was indeed named with _ecc at the end but I’m not sure what to do about it or why it’s happening. mv can’t be invoked to make any changes as this change was restricted, even if it did I’m not sure how to restart the set up step and get past the issue.
I’ve since updated npm to the latest as there was a message about that.
What steps could someone else take to reproduce the issue you’re having?
One click install on DigitalOcean droplet with Cloudflare as host. I followed this video exactly. https://www.youtube.com/watch?v=hAExY4tOAwA
Any ideas on how I can proceed or what’s happening would be very appreciated.
Thanks
Also, note that Let’s Encrypt can fail behind Cloudflare, so place in development mode when requesting certificates, and don’t force HTTPS connections.
What do you mean by ‘mv can’t be invoked’? You should have root access on the droplet. I think the best option is actually not to move the folder (because Let’s Encrypt may expect it to be at that location), but to edit the nginx configuration file to point to the ecc location. You’re going to find those config files at something like /etc/nginx/sites-available/yourdomain-ssl.conf. Check for configurations pointing at a directory that’s yourdomain instead of yourdomain_ecc, and adjust to yourdomain_ecc. If you want to post that yourdomain-ssl.conf file and the results of ls /etc/letsencrypt, I can try to be more specific.
An FYI for @mjw, in case you missed it - when I spun up a new DO droplet yesterday using the Ghost 1-click install, the certificates are indeed ending up in domainname_ecc but the nginx config files are pointing at domainname, and that causes the behavior being described. That may explain the recent outbreak in reports of this problem on the forum. [Tagging you here since you answer a LOT of Nginx/certificate/proxy questions, and that info may help solve the problem faster.]
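The check suggested in the replies above (nginx pointing at yourdomain while the certificates sit in yourdomain_ecc), as an added example that is not part of the original thread. The function name `check_cert_paths` is hypothetical, and it assumes the certificate paths contain no whitespace.

```shell
#!/bin/sh
# Added example: report ssl_certificate / ssl_certificate_key paths in an
# nginx server config that do not exist, and say whether the same file
# exists in a sibling "<dir>_ecc" directory.
#
# Output, one line per directive:
#   OK <path>            the file exists where nginx expects it
#   ECC <path> -> <alt>  missing, but present under "<dir>_ecc"
#   MISSING <path>       present in neither location
# Returns 0 only when every referenced file exists.
check_cert_paths() {
    conf=$1
    status=0
    # Pull the path argument out of each directive, dropping the ';'.
    # Commented-out directives are skipped because '#' precedes the keyword.
    paths=$(sed -n 's/^[[:space:]]*ssl_certificate\(_key\)\{0,1\}[[:space:]]\{1,\}\([^;[:space:]]*\);.*/\2/p' "$conf")
    for p in $paths; do   # assumption: no whitespace in paths
        if [ -e "$p" ]; then
            echo "OK $p"
            continue
        fi
        status=1
        alt="$(dirname "$p")_ecc/$(basename "$p")"
        if [ -e "$alt" ]; then
            echo "ECC $p -> $alt"
        else
            echo "MISSING $p"
        fi
    done
    return $status
}

# Run against a config file when one is given on the command line, e.g.
#   sudo sh check.sh /etc/nginx/sites-available/yourdomain-ssl.conf
if [ "$#" -gt 0 ]; then
    check_cert_paths "$1"
fi
```

Run it with sudo: the files under /etc/letsencrypt are not readable by an unprivileged user, so without root every path is reported as missing. After editing the config, `sudo nginx -t` confirms that nginx can load the certificate and key.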
I’ve attempted to change the config of mywebsite.com to the following to match, here is a partial of the file where I’ve made changes
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mywebsite.com;
root /var/www/ghost/system/nginx-root; # Used for acme.sh SSL verification >
ssl_certificate /etc/letsencrypt/mywesbite.com_ecc/fullchain.cer;
ssl_certificate_key /etc/letsencrypt/mywebsite.com_ecc/bowiesensei.com.ke>
include /etc/nginx/snippets/ssl-params.conf;
I tried nginx -t again in /etc/nginx/sites-available, I’m quite new to this but I believe it tests the config? I get the following
nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)
2023/06/29 08:33:52 [warn] 59063#59063: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:1
2023/06/29 08:33:52 [emerg] 59063#59063: cannot load certificate key "/etc/letsencrypt/mywebsite.com_ecc/mywebsite.com.key": BIO_new_file() failed (SSL: error:8000000D:system library::Permission denied:calling fopen(/etc/letsencrypt/mywesbite.com_ecc/mywebsite.com.key, r) error:10080002:BIO routines::system lib)
nginx: configuration file /etc/nginx/nginx.conf test failed
It looks like Let’s Encrypt failed during the installation: either the certificates weren’t issued or couldn’t be delivered since they don’t exist on the server.
Try running ghost setup ssl, but make sure you allow HTTP (80) and HTTPS (443) traffic, and have Cloudflare in development mode.
So I’ve enabled development mode and checked the ports 80 and 443 are allowed. When I run ghost setup ssl I get SSL has already been set up, skipping ℹ Setting up SSL [skipped]. I’ve tried stopping the server and running but it made no difference.
I ran it as ghost setup --ssl based on something I saw when returning ghost ssl help, that seemed to work. All good for the naked (non www) domain.
I then had the issue of www not redirecting always or having an SSL cert. I eventually read that Ghost can only have one domain for SEO reasons and such so the process is as follows in this article.
I followed that advice but with the additional step of having to rename the following files to include ecc in them otherwise the config failed.
No idea why it’s adding this ecc. I’m not sure if that’s an issue for DigitalOcean’s 1 click installer or for Ghost to resolve. My guess is DigitalOcean.
At first I didn’t know where to find those files but I then remembered where I’d seen them
/etc/nginx/sites-available
So I updated this thread with no responses to answer that.
Thanks for your help everyone, I really would have been stuck without it. I finally have the certificates working with www and non www versions.