`ghost setup ssl`: Error, can not get domain token entry

Hello,

I’m trying to install a new Ghost on my domain. Apparently I’m having some issues with SSL. The Ghost installation works fine until the SSL setup.

I run manually this command after it failed: ghost setup ssl with no luck.

Here is what I have in log:

Debug Information:
    OS: Ubuntu, v18.04
    Node Version: v10.15.1
    Ghost-CLI Version: 1.11.0
    Environment: production
    Command: 'ghost setup ssl'

Message: Command failed: /bin/sh -c sudo -S -p ‘#node-sudo-passwd#’ /etc/letsencrypt/acme.sh --issue --home /etc/letsencrypt --domain dev.domain.com --webroot /var/www/dev/system/nginx-root --reloadcmd “nginx -s reload” --accountemail contact@domain.com
[Wed Oct 9 12:58:00 UTC 2019] Error, can not get domain token entry my.domain.com
[Wed Oct 9 12:58:00 UTC 2019] Please add ‘–debug’ or ‘–log’ to check more details.
[Wed Oct 9 12:58:00 UTC 2019] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh

[Wed Oct  9 12:57:09 UTC 2019] Single domain='my.domain.com'
[Wed Oct  9 12:57:09 UTC 2019] Getting domain auth token for each domain
[Wed Oct  9 12:57:09 UTC 2019] Getting webroot for domain='my.domain.com'
[Wed Oct  9 12:57:09 UTC 2019] Getting new-authz for domain='my.domain.com'
[Wed Oct  9 12:57:10 UTC 2019] Could not get nonce, let's try again.
[Wed Oct  9 12:57:13 UTC 2019] Could not get nonce, let's try again.
[Wed Oct  9 12:57:15 UTC 2019] Could not get nonce, let's try again.
[Wed Oct  9 12:58:00 UTC 2019] The new-authz request is ok.

Exit code: 1

Any ideas what the issue might be here?

I’ve also put:

curl https://acme-v02.api.letsencrypt.org/directory -v

Maybe there is an error there but I think it looks ok:

dev@dev:/var/www/dev$ curl https://acme-v02.api.letsencrypt.org/directory -v
*   Trying 172.65.32.248...
* TCP_NODELAY set
* Connected to acme-v02.api.letsencrypt.org (172.65.32.248) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=acme-v01.api.letsencrypt.org
*  start date: Sep 13 17:50:45 2019 GMT
*  expire date: Dec 12 17:50:45 2019 GMT
*  subjectAltName: host "acme-v02.api.letsencrypt.org" matched cert's "acme-v02.api.letsencrypt.org"
*  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x55e4dd0c0920)
> GET /directory HTTP/2
> Host: acme-v02.api.letsencrypt.org
> User-Agent: curl/7.58.0
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 200
< server: nginx
< date: Wed, 09 Oct 2019 14:00:08 GMT
< content-type: application/json
< content-length: 658
< cache-control: public, max-age=0, no-cache
< x-frame-options: DENY
< strict-transport-security: max-age=604800
<
{
  "7-xjkuvAe64": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
  "keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
  "meta": {
    "caaIdentities": [
      "letsencrypt.org"
    ],
    "termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
    "website": "https://letsencrypt.org"
  },
  "newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
  "newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
  "newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
  "revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
* Connection #0 to host acme-v02.api.letsencrypt.org left intact