Renew SSL for ghost sites on DigitalOcean

Developer help
1

So earlier this year my 2 Ghost sites on my DO server had their SSL expire. I tried everything suggested at How to renew default let's encrypt ssl? and it did not work.

So I set up the entire server again. Now the same issue. The SSL did not auto-renew and I can’t seem to find a way to renew them.

Does anyone have any steps to debug?

I first ran this command:
“/etc/letsencrypt”/acme.sh --upgrade --home “/etc/letsencrypt”
The results were:
[Sat Oct 17 07:22:21 UTC 2020] Already uptodate!
[Sat Oct 17 07:22:21 UTC 2020] Upgrade success!

Than I entered:
“/etc/letsencrypt”/acme.sh --cron --home “/etc/letsencrypt” > /dev/null

The results were:
[Sat Oct 17 07:31:42 UTC 2020] stretch.themeist.com:Verify error:Invalid response from http://stretch.themeist.com/.well-known/acme-challenge/FHhS6J7YH4VOnoTf9WI7gdJcxmXOoj75xwuKfNsmr8s [164.90.196.33]:
[Sat Oct 17 07:31:42 UTC 2020] Please check log file for more details: /etc/letsencrypt/acme.sh.log
[Sat Oct 17 07:31:42 UTC 2020] Error renew stretch.themeist.com.

2

I followed the steps listed on `ghost setup ssl`: Error, can not get domain token entry - #6 by PaszaVonPomiot.

It renews the first domain setup when I created the DO. But I still get the same error for the 2nd domain I have created using ghost CLI.

3

When I use the following command, I get this error:

oot@ghost-ubuntu-s-1vcpu-1gb-ams3-01:/etc# /root/.acme.sh/acme.sh --remove --domain 'stretch.themeist.com' --debug
[Sun Oct 18 05:55:28 UTC 2020] Lets find script dir.
[Sun Oct 18 05:55:28 UTC 2020] _SCRIPT_='/root/.acme.sh/acme.sh'
[Sun Oct 18 05:55:28 UTC 2020] _script='/root/.acme.sh/acme.sh'
[Sun Oct 18 05:55:28 UTC 2020] _script_home='/root/.acme.sh'
[Sun Oct 18 05:55:28 UTC 2020] Using default home:/root/.acme.sh
[Sun Oct 18 05:55:28 UTC 2020] Using config home:/root/.acme.sh
https://github.com/acmesh-official/acme.sh
v2.8.8
[Sun Oct 18 05:55:28 UTC 2020] Running cmd: remove
[Sun Oct 18 05:55:28 UTC 2020] Using config home:/root/.acme.sh
[Sun Oct 18 05:55:28 UTC 2020] default_acme_server
[Sun Oct 18 05:55:28 UTC 2020] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Sun Oct 18 05:55:28 UTC 2020] DOMAIN_PATH='/root/.acme.sh/stretch.themeist.com'
[Sun Oct 18 05:55:28 UTC 2020] **stretch.themeist.com is not a issued domain**, skip.
root@ghost-ubuntu-s-1vcpu-1gb-ams3-01:/etc# is not a issued domain, skip.

Based on my understanding of this error, it looks like the SSL was not setup for the 2nd website I setup. But if that is the case then how did SSL did work until it expired.

4

Did you try sudo certbot renew --dry-run ?

If that doesn’t work, or show that it’ll work, can you share ls /etc/nginx/sites-available/ and the configurations for your domains? Sometimes the tool is picky about file names or how the site configuration looks.

5

Hey there,

I know it’s not directly solving the problem, but on one site while I was trying to fix SSL, I just started using Cloudflare, with strict SSL. Was a lot more stress-free.

By the way, if you do that, remember that you have to turn off proxy on cloudflare to set up SSL again on your home domain.

On your problem — I’ve actually never seen that language btw. I usually use something like certbot --nginx and let it do its magic. Is that something you can try?