LetsEncrypt setup fails

I have my DNS with Cloudflare (free subscription).

When I run

ghost setup ssl

I get the following:

Love open source? We’re hiring JavaScript Engineers to work on Ghost full-time.
https://careers.ghost.org

? Enter your email (For SSL Certificate) myemail@email.com

  • sudo mkdir -p /etc/letsencrypt
  • sudo ./acme.sh --install --home /etc/letsencrypt
  • sudo /etc/letsencrypt/acme.sh --issue --home /etc/letsencrypt --server letsencrypt --domain www.mysite.com --webroot /var/www/mysite/system/nginx-root --reloadcmd "nginx -s reload" --accountemail myemail@email.com --keylength 2048
    ✖ Setting up SSL
    One or more errors occurred.
  1. ProcessError

Message: Command failed: /bin/sh -c sudo -S -p '#node-sudo-passwd#' /etc/letsencrypt/acme.sh --issue --home /etc/letsencrypt --server letsencrypt --domain www.mysite.com --webroot /var/www/mysite/system/nginx-root --reloadcmd "nginx -s reload" --accountemail myemail@email.com --keylength 2048
[Mon Mar 11 03:08:16 UTC 2024] Invalid status, www.mysite.com:Verify error detail:2606:4700:3032::6815:3074: Invalid response from http://www.mysite.com/.well-known/acme-challenge/xxxxxxxxxxxxxxxx: 404
[Mon Mar 11 03:08:16 UTC 2024] Please add '--debug' or '--log' to check more details.
[Mon Mar 11 03:08:16 UTC 2024] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub

[Mon Mar 11 03:08:07 UTC 2024] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Mon Mar 11 03:08:07 UTC 2024] Create account key ok.
[Mon Mar 11 03:08:08 UTC 2024] Registering account: https://acme-v02.api.letsencrypt.org/directory
[Mon Mar 11 03:08:09 UTC 2024] Registered
[Mon Mar 11 03:08:09 UTC 2024] ACCOUNT_THUMBPRINT='yyyyyyyyyyyyy'
[Mon Mar 11 03:08:09 UTC 2024] Creating domain key
[Mon Mar 11 03:08:10 UTC 2024] The domain key is here: /etc/letsencrypt/www.mysite.com/www.mysite.com.key
[Mon Mar 11 03:08:10 UTC 2024] Single domain='www.mysite.com'
[Mon Mar 11 03:08:10 UTC 2024] Getting domain auth token for each domain
[Mon Mar 11 03:08:12 UTC 2024] Getting webroot for domain='www.mysite.com'
[Mon Mar 11 03:08:12 UTC 2024] Verifying: www.mysite.com
[Mon Mar 11 03:08:13 UTC 2024] Pending, The CA is processing your order, please just wait. (1/30)

Exit code: 1

Debug Information:
OS: Ubuntu, v22.04.4 LTS
Node Version: v18.19.1
Ghost Version: 5.80.2
Ghost-CLI Version: 1.25.3
Environment: production

I am not sure how to troubleshoot this.

Ghost doctor returns

✔ Checking system Node.js version - found v18.19.1
✔ Checking logged in user
✔ Ensuring user is not logged in as ghost user
✔ Checking if logged in user is directory owner
✔ Checking current folder permissions
✔ Checking system compatibility
✔ Checking for a MySQL installation
+ sudo systemctl is-active ghost_www-mysite-com
Instance is currently running
ℹ Validating config [skipped]
✔ Checking folder permissions
✔ Checking file permissions
✔ Checking content folder ownership
✔ Checking memory availability
✔ Checking binary dependencies
✔ Checking free space
✔ Checking systemd unit file
✔ Checking systemd node version - found v18.19.1

Domain can be pinged and traced successfully.

I recommend turning Cloudflare to DNS only and seeing if it'll go through. It sounds like there's an error in your proxying setup that's preventing Let's Encrypt from reaching the needed URL:

Hi, I set Cloudflare to strict/full for proxying and turned Cloudflare to DNS only.

This time the process got further i.e. to [Mon Mar 11 16:52:07 UTC 2024] Pending, The CA is processing your order, please just wait. (12/30).

But still returned

[Mon Mar 11 16:52:09 UTC 2024] Invalid status, www.mysite.com:Verify error detail:2606:4700:3037::ac43:970c: Invalid response from http://www.mysite.com/.well-known/acme-challenge/xxxxxxx: 522

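An added example (not written by anyone in this thread, and not Ghost-CLI or acme.sh code): a small Python triage of the two `Verify error detail` lines posted above. It extracts the address that answered the HTTP-01 request and the status code, and shows that both the 404 and the 522 came from Cloudflare addresses. The range list is copied from Cloudflare's published list as an assumption, the function names are hypothetical, and the third sample line is constructed.

```python
import ipaddress
import re

# Cloudflare edge ranges, copied from https://www.cloudflare.com/ips/ as an
# assumption of this example; refresh the list before relying on it.
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "2400:cb00::/32 2606:4700::/32 2803:f800::/32 2405:b500::/32 "
    "2405:8100::/32 2a06:98c0::/29 2c0f:f248::/32 "
    "173.245.48.0/20 103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 "
    "141.101.64.0/18 108.162.192.0/18 190.93.240.0/20 188.114.96.0/20 "
    "197.234.240.0/22 198.41.128.0/17 162.158.0.0/15 104.16.0.0/13 "
    "104.24.0.0/14 172.64.0.0/13 131.0.72.0/22").split()]

# acme.sh relays the CA's error as "<address>: Invalid response from <url>: <status>".
VERIFY_ERROR = re.compile(
    r"Verify error detail:\s*(?P<ip>[0-9A-Fa-f:.]+): "
    r"Invalid response from (?P<url>\S+): (?P<status>\d{3})")

def is_cloudflare(ip):
    """True if the address falls inside one of the listed Cloudflare ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == n.version and addr in n for n in CLOUDFLARE_NETS)

def triage(line):
    """Return who answered the HTTP-01 request and what to check, or None."""
    m = VERIFY_ERROR.search(line)
    if not m:
        return None
    status, proxied = int(m["status"]), is_cloudflare(m["ip"])
    if proxied and 520 <= status <= 526:
        hint = "Cloudflare edge answered with its own 52x error: no valid reply from the origin"
    elif proxied:
        hint = "record is still proxied: the response came back through Cloudflare"
    else:
        hint = "CA reached this address directly: check what serves port 80 there"
    return {"ip": m["ip"], "status": status, "proxied": proxied, "hint": hint}

SAMPLES = [
    # The two error lines posted in this thread.
    "[Mon Mar 11 03:08:16 UTC 2024] Invalid status, www.mysite.com:Verify error detail:2606:4700:3032::6815:3074: Invalid response from http://www.mysite.com/.well-known/acme-challenge/xxxxxxxxxxxxxxxx: 404",
    "[Mon Mar 11 16:52:09 UTC 2024] Invalid status, www.mysite.com:Verify error detail:2606:4700:3037::ac43:970c: Invalid response from http://www.mysite.com/.well-known/acme-challenge/xxxxxxx: 522",
    # Constructed line: a documentation-range address standing in for a direct origin.
    "[constructed] Invalid status, www.mysite.com:Verify error detail:203.0.113.10: Invalid response from http://www.mysite.com/.well-known/acme-challenge/xxxxxxx: 404",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage(sample))
```

If the address in the error line is still inside a Cloudflare range after a switch to DNS only, the CA's resolver is still seeing the proxied record.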

Would this have something to do with the fact that I have nginx proxy manager installed for all my reverse proxies?


Just some further detail. My Nginx proxy manager is able to generate a cert using Let's Encrypt for the same site if I ask it to.

Great, discovered that there was already a cert for that domain with Let's Encrypt. Deleted it and it all came right 🙂

Well the cert was created so now just trying to get it to work with the above network config and Cloudflare.

The cert was created on Ghost and I can browse to the IP on my network.

I then also added the cert on the Nginx reverse proxy and it appears to work, except I am back to my old problem of images not showing on the site. I will update the associated ticket.

Certs seem sorted.

Did you turn on proxying at the DNS record before you set up SSL?

I did at some point and then turned it back on. Everything is working now.

The issue with the images was the URL was not set correctly. I fixed it using ghost config url.


Happy to hear that you fixed it. Good luck and happy blogging.
