I’m trying to install a new Ghost on my domain. Apparently I’m having some issues with SSL. The Ghost installation works fine until the SSL setup.
I ran this command manually after it failed:
ghost setup ssl with no luck.
Here is what I have in log:
OS: Ubuntu, v18.04
Node Version: v10.15.1
Ghost-CLI Version: 1.11.0
Command: 'ghost setup ssl'
Message: Command failed: /bin/sh -c sudo -S -p '#node-sudo-passwd#' /etc/letsencrypt/acme.sh --issue --home /etc/letsencrypt --domain dev.domain.com --webroot /var/www/dev/system/nginx-root --reloadcmd "nginx -s reload" --accountemail email@example.com
[Wed Oct 9 12:58:00 UTC 2019] Error, can not get domain token entry my.domain.com
[Wed Oct 9 12:58:00 UTC 2019] Please add '--debug' or '--log' to check more details.
[Wed Oct 9 12:58:00 UTC 2019] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub
[Wed Oct 9 12:57:09 UTC 2019] Single domain='my.domain.com'
[Wed Oct 9 12:57:09 UTC 2019] Getting domain auth token for each domain
[Wed Oct 9 12:57:09 UTC 2019] Getting webroot for domain='my.domain.com'
[Wed Oct 9 12:57:09 UTC 2019] Getting new-authz for domain='my.domain.com'
[Wed Oct 9 12:57:10 UTC 2019] Could not get nonce, let's try again.
[Wed Oct 9 12:57:13 UTC 2019] Could not get nonce, let's try again.
[Wed Oct 9 12:57:15 UTC 2019] Could not get nonce, let's try again.
[Wed Oct 9 12:58:00 UTC 2019] The new-authz request is ok.
Exit code: 1
Any ideas what the issue might be here?
I’ve also put:
curl https://acme-v02.api.letsencrypt.org/directory -v
Maybe there is an error there but I think it looks ok:
dev@dev:/var/www/dev$ curl https://acme-v02.api.letsencrypt.org/directory -v
* Trying 22.214.171.124...
* TCP_NODELAY set
* Connected to acme-v02.api.letsencrypt.org (126.96.36.199) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=acme-v01.api.letsencrypt.org
* start date: Sep 13 17:50:45 2019 GMT
* expire date: Dec 12 17:50:45 2019 GMT
* subjectAltName: host "acme-v02.api.letsencrypt.org" matched cert's "acme-v02.api.letsencrypt.org"
* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x55e4dd0c0920)
> GET /directory HTTP/2
> Host: acme-v02.api.letsencrypt.org
> User-Agent: curl/7.58.0
> Accept: */*
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 200
< server: nginx
< date: Wed, 09 Oct 2019 14:00:08 GMT
< content-type: application/json
< content-length: 658
< cache-control: public, max-age=0, no-cache
< x-frame-options: DENY
< strict-transport-security: max-age=604800
* Connection #0 to host acme-v02.api.letsencrypt.org left intact
Hello, I’ve the same problem.
Using Ubuntu 18.04.2 with Ghost 2.37.0
I have never modified any settings of Let’s Encrypt/Acme
I installed Ghost following your official guide.
The following email has just arrived:
Your certificate (or certificates) for names listed below will expire in 10 days (on 02 Nov 19 21:00 +0000). Please, make your renewal certified before then, or your website will encounter errors.
We recommend renewing certificates automatically when they have a third of them
total lifetime lef…
Have you solved it somehow?
On the web I found someone who says to update acme or launch the command using some additional parameter, but I’m afraid of compromising the system, I haven’t tried it yet.
ghost setup nginx ssl
Nginx configuration already found for this url. Skipping Nginx setup.
ℹ Setting up Nginx [skipped]
Nginx setup task was skipped, skipping SSL setup
ℹ Setting up SSL [skipped]
I have a similar issue and am unable to renew my certificate. It hasn’t happened automatically and it doesn’t work with the acme script. I’m out of ideas. Here’s the output of
/etc/letsencrypt/acme.sh --home "/etc/letsencrypt" --renew -d mydomain.pl --webroot /var/www/ghost/system/nginx-root
[Sat Nov 2 20:01:05 CET 2019] GET
[Sat Nov 2 20:01:05 CET 2019] url='https://acme-v01.api.letsencrypt.org/directory'
[Sat Nov 2 20:01:05 CET 2019] timeout=
[Sat Nov 2 20:01:05 CET 2019] _CURL='curl -L --silent --dump-header /etc/letsencrypt/http.header -g '
[Sat Nov 2 20:01:06 CET 2019] ret='0'
[Sat Nov 2 20:01:06 CET 2019] Could not get nonce, let's try again.
[Sat Nov 2 20:01:23 CET 2019] Error, can not get domain token entry ...
I noticed that acme renew command only finds domains that are in /etc/letsencrypt/live folder, but ghost certificates go to /etc/letsencrypt/[domain] by default so renew command doesn’t even recognize that domain.
I’m also on Ubuntu 18.04
Ghost-CLI version: 1.12.0
Ghost version: 2.28.0
Any update on this issue? I’m experiencing the same problem.
Ubuntu 18.04.3 LTS (DigitalOcean Ghost droplet)
Ghost-CLI version: 1.12.0
Ghost version: 2.36.0
Ok, I managed to solve the problem! Not sure though if it is the recommended way to do it. In case anyone wants to try, this is what I did:
sudo apt install socat (not sure if necessary, but acme complained otherwise)
This doesn’t seem to replace the old acme.sh, but installs a new one to /root/.acme.sh/acme.sh. So I ran:
/root/.acme.sh/acme.sh --home "/etc/letsencrypt" --renew-all
This command successfully renewed the certificates. After that I restarted nginx:
sudo systemctl restart nginx
and edited the crontab (sudo crontab -e), where I changed the existing command to use the new acme.sh path.
Perhaps it would be better to copy the newly installed acme.sh back to the old location (/etc/letsencrypt/), but I was afraid to break something.
This solved it for me, on both Ghost installations I’m running (Ubuntu 18.04 on both).
ghost setup nginx ssl
Did you find a solution to this? I have the same problem
@giacomosilli Fixed? Or still facing this issue?
That fixed it for me as well - thanks!
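A way to verify the fix described above (new acme.sh at /root/.acme.sh/acme.sh, crontab edited to use it), as an added example that is not part of any post in this thread. The crontab lines are constructed samples, and the function names and the certificate path are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: checks to run after switching acme.sh paths.

# Print each acme.sh path called by active (non-comment) crontab lines on stdin.
acme_cron_paths() {
    grep -v '^[[:space:]]*#' | tr -d "\"'" |
        grep -o '[^[:space:]]*/acme\.sh' | sort -u
}

# Succeed only if every acme.sh cron entry on stdin calls the expected script.
# A leftover entry for the old script, or no entry at all, is a failure.
cron_uses_only() {
    expected=$1
    paths=$(acme_cron_paths)
    [ -n "$paths" ] && [ "$paths" = "$expected" ]
}

# Succeed if the PEM certificate in $1 is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Constructed sample crontabs (the thread does not show the real entries).
SAMPLE_OLD='# renewal job calling the old script
12 0 * * * "/etc/letsencrypt"/acme.sh --cron --home "/etc/letsencrypt" > /dev/null'
SAMPLE_NEW='12 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/etc/letsencrypt" > /dev/null'

for name in SAMPLE_OLD SAMPLE_NEW; do
    eval "tab=\$$name"
    if printf '%s\n' "$tab" | cron_uses_only /root/.acme.sh/acme.sh; then
        echo "$name: cron calls the new acme.sh"
    else
        echo "$name: cron still calls $(printf '%s\n' "$tab" | acme_cron_paths)"
    fi
done

# On the server (assumed invocation; the certificate path is a placeholder):
#   sudo crontab -l | cron_uses_only /root/.acme.sh/acme.sh && echo cron ok
#   cert_valid_for_days /path/to/fullchain.pem 30 || echo "renew now"
```

A crontab that still contains an entry for the old script alongside the new one fails the check, which is the case most likely to be missed after a manual edit.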