Let’s Encrypt no longer used by ghost-cli

Developer help Installation
1

If you’re looking for help, please provide information about your environment. If you delete this template and don’t provide any information, your topic will be closed.

If you aren’t running the latest version of Ghost, the first thing we will ask you to do is update to the latest version of Ghost.

  • What version of Ghost are you using? ghost-cli 1.17.3

And

  • How was Ghost installed and configured? As per the install guide
  • What Node version, database, OS & browser are you using? node 14.17.5, mysql 8.0.26
  • What errors or information do you see in the console? See below
  • What steps could someone else take to reproduce the issue you’re having? See below

Version 3 of acme.sh changed the default CA from Let’s Encrypt to ZeroSSL (who acquired acme.sh). Running either ghost install or ghost setup ssl displays a message:

Setting Up SSL >> Getting SSL Certificate from Let’s Encrypt…

but the output in the ghost-cli log shows:

Using CA: https://acme.zerossl.com/v2/DV90

Either ghost-cli should be updated to say it’s using ZeroSSL, or acme.sh should be reconfigured to use LE again with acme.sh --set-default-ca --server letsencrypt.

1 Like
2

I was informed that ghost was configured to automatically renew the SSL.

I verified this with:

$ sudo crontab -u root -l

Result:

7 0 * * * “/etc/letsencrypt”/acme.sh --cron --home “/etc/letsencrypt” > /dev/null

It should be configured for auto renew.

However, I received an email from ZeroSSL notifying me:

zerossl-expiring-soon
zerossl-expiring-soon722×588 48.4 KB

I’m assuming you had the same issue. If yes, what did you do?

3

$ su root ( cannot do as sudo )
$ sudo acme.sh --set-default-ca --server letsencrypt
$ /etc/letsencrypt/acme.sh --upgrade --home “/etc/letsencrypt”

$ su my_username
$ sudo certbot renew --dry-run

Failed to renew certificate.

Did you manage to renew the certificate?

Ghost-CLI version: 1.18.1
Ghost version: 4.27.1