Ghost make an incorrect nginx configuration for HTTP?

I setup Ghost several months ago, and I set up an SSL during Ghost installation.

The generated nginx configuration:

server {
    listen 80;
    listen [::]:80;

    server_name my-domain.org;
    root /opt/blog/web/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:2368;

    }

    location ~ /.well-known {
        allow all;
    }

    client_max_body_size 50m;
}

the root directory is /opt/blog/web/system/nginx-root

Today I found my SSL certificate is expired, I run the acme.sh cron job command: /etc/letsencrypt/acme.sh --cron --home /etc/letsencrypt

I found when letsencrypt request my well-known file error, 404 not found.

On the nginx error log, I found nginx can not find this file: open() "/opt/blog/web/system/nginx-root/.well-known/acme-challenge/RVCmREi-LIUicL69dyzh8Gep64L27i7qcDI9yARMT-0" failed (2: No such file or directory)

But I found the file was created on /opt/blog/system/.well-known/acme-challenge/xxxx, that’s not correct with the nginx config.

After I checked acme.sh config, I found the Le_Webroot is incorrect.

Hi,

I think you’re missing the webroot configuration in your acme.sh command.
Try running the following

/etc/letsencrypt/acme.sh --cron --home /etc/letsencrypt -w /opt/blog/web/system/nginx-root

Alternatively if you don’t want to hack the setup yourself, consider using DigitalPress. It provides free Ghost hosting which configures everything for you automatically – including the SSL certificate.
There’s a simple web dashboard where you can create your own blog, set the domain, enable comments, analytics, etc.

It’s really simple – give it a try.

Thanks, I modified letsencrypt configuration for my domain, I don’t know why the incorrect directory is recorded in that configuration file.

1 Like