I recently decided to migrate my content over to Ghost. I was just using Bootstrap previously to cobble together some basic pages to host my content, alongside a MediaWiki instance and a Piwigo instance as well.
My Ghost installation ran like a dream other than having to add in a SocketPath filepath in my config file to get it to connect to MySQL.
The problem I’m having now is this. I had my MediaWiki instance hosted on https://wiki.renoproject.org and although I’ve got Ghost’s SSL stuff working fine thanks to using Ghost-CLI, I’m stumped on how to use acme.sh in conjunction with nginx to issue and set up a working SSL cert for that subdomain.
I followed the official Ghost docs on self-hosting to set up a Ghost instance on my website (https://renoproject.org).
Does anyone have any advice on how to use the acme.sh script that comes with the Ghost install that’s in /etc/letsencrypt? I had considered just installing certbot as I have previous experience with that but I was concerned about there being conflicts and if possible, I’d rather use the tools that came with Ghost to get this working.
For the record, I used the following command to generate a cert:
You'll likely want to use certbot. You can generate wildcard certs and use that for your different subdomains in your nginx config.
Here's an example using the Cloudflare plugin. If you're not using that for DNS verification, then just remove the --dns-cloudflare* parameters.
Notice the multiple -d parameters; this will add different SANs to your cert.
Then you can rsync the certs to where your nginx is running or have your nginx SSL config pointed at the location certbot stores the certs.
If you only have one domain and you're familiar with Docker, you might want to look into using SWAG. It is an LSIO container which has Let's Encrypt and nginx and other capabilities which might make your life easier.
Do you know if it would cause any conflicts if I allow Ghost to continue using acme.sh to renew the cert that Ghost-CLI generated when I set things up, but then install certbot and use that specifically to generate a certificate for the subdomain I mentioned in my initial post?
I think that depends on how you're routing traffic for domains. If you have a cert from a trusted signer, it's not going to matter much. If you have a proxy that is handling all of your public domains in front of your Ghost CLI, the cert that is in your proxy is going to be used if there is no pass-through, but you would need to make sure of the options in the proxy that the connections are passed OK.
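
The reply above notes that each -d adds a SAN and that a wildcard cert can serve several subdomains. As an added example (not part of the thread, and not code from Ghost-CLI, acme.sh or certbot), these shell functions check which hostnames a certificate file actually covers before nginx is pointed at it; the function names are hypothetical and the demo certificate is constructed and self-signed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from Ghost-CLI or certbot.

# san_matches PATTERN HOST: a leading "*." stands for exactly one label,
# so *.renoproject.org covers wiki.renoproject.org but not the bare
# renoproject.org or a.b.renoproject.org.
san_matches() {
    pattern=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    host=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    case "$pattern" in
        \*.*)
            suffix=${pattern#\*}                 # e.g. ".renoproject.org"
            case "$host" in
                *"$suffix") label=${host%"$suffix"} ;;
                *) return 1 ;;
            esac
            [ -n "$label" ] || return 1          # wildcard needs a label
            case "$label" in *.*) return 1 ;; esac
            return 0 ;;
        *) [ "$pattern" = "$host" ] ;;
    esac
}

# cert_sans CERTFILE: print each DNS subjectAltName on its own line.
cert_sans() {
    openssl x509 -in "$1" -noout -text | tr ',' '\n' |
        sed -n 's/^[[:space:]]*DNS://p'
}

# cert_covers CERTFILE HOST: succeed if any SAN in the cert matches HOST.
# Read line by line in a subshell so "*" in a SAN is never glob-expanded.
cert_covers() {
    cert_sans "$1" | (
        while IFS= read -r san; do
            san_matches "$san" "$2" && exit 0
        done
        exit 1
    )
}

# make_demo_cert OUTFILE: constructed self-signed sample certificate
# (test data only; -addext needs OpenSSL 1.1.1 or newer).
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=renoproject.org' \
        -addext 'subjectAltName=DNS:renoproject.org,DNS:*.renoproject.org' \
        -keyout "$1.key" -out "$1" 2>/dev/null
}
```

Run `cert_covers` against the file named in the nginx `ssl_certificate` directive for the subdomain's server block; a non-zero exit means that certificate does not list the hostname.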