What’s your URL? This is the easiest way for others to help you e.bowiesensei.com
What version of Ghost are you using? If it’s not the latest, please update Ghost first before opening your topic
5.53.1
And
How was Ghost installed and configured?
DigitalOcean, 1 click install. Other configuration by me.
What Node version, database, OS & browser are you using?
v16.20.1
What errors or information do you see in the console?
n/a
What steps could someone else take to reproduce the issue you’re having?
I’ve set up email on a subdomain e.bowiesensei.com and the transactional email is sent from https://email.e.bowiesensei.com. When requesting a password reset for an admin and clicking through the link I receive in the email I can see that I get a certificate error for https://email.e.bowiesensei.com/ as the certificate is for mailgun. The subdomain e.bowiesensei.com domain has no certificate at all so that also errors.
You should enable SSL for the subdomain using ghost setup ssl. Also, email.subdomain should not be accessible via a web browser: typically with Mailgun, this is a CNAME, and MX records are created for mg.subdomain to send.
Are there any more specific instructions for this? I’ve attempted the instructions here in the documentation but I ran into an error.
So I tried running ghost setup --ssl otherwise it skips the config. At this point it asks ? **Enter your blog URL:** should I change this to https://e.bowiesensei.com and then change it back later? Or is there a way I can include wildcard domains here in the SSL set up? Should I request it on https://*.bowiesensei.com. If so will this also include the naked domain https://bowiesensei.com?
Okay, so you’re using the bare domain, not a subdomain; not sure why you said it was https://e.bowiesensei.com/ before. Therefore, use this when setting up SSL, and make sure you use https://bowiesensei.com/in production.config.json.
As for Mailgun, all you need is to setup MX records pointing to their servers, e.g., mg.bowiesensei.com. email.mg.bowiesensei.com (a CNAME) is optional.
You only need to setup SSL for the bare domain; certificates are not necessary for the MX records.
Okay, thanks for your response. I thought I’d already added the MX records as described in their documentation and they’ve validated so I’m not sure what I’m missing here.
When requesting a password reset for an admin and clicking through the link I receive in the password reset email I get a certificate error for https://email.e.bowiesensei.com. When inspecting the certificate it is for mailgun and my domain is not listed. According to the set up I’ve done what I’m supposed to so I’m not sure why this is happening.
You have misconfigured something: https://email.e.bowiesensei.com/ is not a valid website URL. The link should open on your bare domain, i.e., your Ghost site.
Please confirm value for "url": in production.config.json, and share your Nginx config from sites-available.
Also, I note that your site is private; try turning this off when testing the sign-up.
I notice that there is no e.bowiesensei.com-ssl.conf which I suspect might be required as all the other domains have an equivalent. However, I’m not sure how to create that file.