I setup Ghost several months ago, and I set up an SSL during Ghost installation.
The generated nginx configuration:
server {
listen 80;
listen [::]:80;
server_name my-domain.org;
root /opt/blog/web/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://127.0.0.1:2368;
}
location ~ /.well-known {
allow all;
}
client_max_body_size 50m;
}
the root directory is /opt/blog/web/system/nginx-root
Today I found my SSL certificate is expired, I run the acme.sh cron job command: /etc/letsencrypt/acme.sh --cron --home /etc/letsencrypt
I found when letsencrypt request my well-known file error, 404 not found.
On the nginx error log, I found nginx can not find this file: open() "/opt/blog/web/system/nginx-root/.well-known/acme-challenge/RVCmREi-LIUicL69dyzh8Gep64L27i7qcDI9yARMT-0" failed (2: No such file or directory)
But I found the file was created on /opt/blog/system/.well-known/acme-challenge/xxxx, that’s not correct with the nginx config.
After I checked acme.sh config, I found the Le_Webroot is incorrect.