Setting up / renewing SSL results in verify error invalid response

I set up Ghost a little ways back and then got notifications that the SSL cert was going to expire. When I first set up the site, I really don’t remember how I configured the SSL cert (whether it was manual or through Ghost) though I’d guess it was through Ghost. I read online that it auto-renews so I figured I didn’t have to worry. Today the cert expired and I’m unable to renew it. I’ve spent about 6 hours debugging and have gotten nowhere yet :confused:

Here is a log of things I’ve tried and related posts:

Try too many times and you get rate limited. I hit this but it resets every hour so that’s not the problem.

Updating ACME and running the script did not help.

Similarly, running things manually also didn’t work.

Having ports 443 and 80 open does not seem to be related.


  • What’s your URL? This is the easiest way for others to debug your issue
    ghost.themetric.org

  • What version of Ghost are you using?
    Ghost-CLI version: 1.14.1
    Ghost version: 3.11.0 (at /var/www/ghost)

  • What configuration?
    Hosted on Vultr. Domain via GoDaddy. Using Ghost as CMS, consuming data via Gatsby.

  • What browser?
    N/A

  • What errors or information do you see in the console?

ghostuser@metric:/var/www/ghost$ ghost setup ssl
? Enter your email (For SSL Certificate) cameroncabo@gmail.com
+ sudo /etc/letsencrypt/acme.sh --issue --home /etc/letsencrypt --domain ghost.themetric.org --webroot /var/www/ghost/system/nginx-root --reloadcmd "nginx -s reload" --accountemail cameroncabo@gmail.com
✖ Setting up SSL
One or more errors occurred.

1) ProcessError

Message: Command failed: /bin/sh -c sudo -S -p '#node-sudo-passwd#'  /etc/letsencrypt/acme.sh --issue --home /etc/letsencrypt --domain ghost.themetric.org --webroot /var/www/ghost/system/nginx-root --reloadcmd "nginx -s reload" --accountemail cameroncabo@gmail.com
[Wed Jun 17 00:56:40 UTC 2020] ghost.themetric.org:Verify error:Invalid response from http://ghost.themetric.org/private/?r=%2F.well-known%2Facme-challenge%2FoXpJL_l0AFAxmVU3mlZCQVHDFV1MUdRoTISo2NPkBVA [45.32.218.227]:
[Wed Jun 17 00:56:40 UTC 2020] Please add '--debug' or '--log' to check more details.
[Wed Jun 17 00:56:40 UTC 2020] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh

[Wed Jun 17 00:56:36 UTC 2020] Single domain='ghost.themetric.org'
[Wed Jun 17 00:56:36 UTC 2020] Getting domain auth token for each domain
[Wed Jun 17 00:56:37 UTC 2020] Getting webroot for domain='ghost.themetric.org'
[Wed Jun 17 00:56:37 UTC 2020] Verifying: ghost.themetric.org

Exit code: 1


Debug Information:
    OS: Ubuntu, v18.04.4 LTS
    Node Version: v10.21.0
    Ghost Version: 3.11.0
    Ghost-CLI Version: 1.14.1
    Environment: production
    Command: 'ghost setup ssl'

Additional log info available in: /home/ghostuser/.ghost/logs/ghost-cli-debug-2020-06-17T00_56_40_476Z.log

Try running ghost doctor to check your system for known issues.

Trying to run it directly:

root@metric:/etc/letsencrypt# /etc/letsencrypt/acme.sh --force --renew --home /etc/letsencrypt --domain ghost.themetric.org --webroot /var/www/ghost/system/nginx-root --reloadcmd "nginx -s reload" --accountemail cameroncabo@gmail.com
[Wed Jun 17 01:13:47 UTC 2020] Renew: 'ghost.themetric.org'
[Wed Jun 17 01:13:48 UTC 2020] Single domain='ghost.themetric.org'
[Wed Jun 17 01:13:48 UTC 2020] Getting domain auth token for each domain
[Wed Jun 17 01:13:49 UTC 2020] Getting webroot for domain='ghost.themetric.org'
[Wed Jun 17 01:13:49 UTC 2020] Verifying: ghost.themetric.org
[Wed Jun 17 01:13:52 UTC 2020] ghost.themetric.org:Verify error:Invalid response from http://ghost.themetric.org/private/?r=%2F.well-known%2Facme-challenge%2F40AgwTHbkZginHrTh1Wnsso8wpt0iidRzYsUr59gG3Y [45.32.218.227]:
[Wed Jun 17 01:13:52 UTC 2020] Please add '--debug' or '--log' to check more details.
[Wed Jun 17 01:13:52 UTC 2020] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh

  • What steps could someone else take to reproduce the issue you’re having?
    Unsure

Please let me know if any other info would be useful!

Both the original error and you running acme.sh directly show the error:

[Wed Jun 17 01:13:52 UTC 2020] ghost.themetric.org:Verify error:Invalid response from http://ghost.themetric.org/private/?r=%2F.well-known%2Facme-challenge%2F40AgwTHbkZginHrTh1Wnsso8wpt0iidRzYsUr59gG3Y [45.32.218.227]:

Your site is in private mode; Ghost is trying to serve the request by redirecting acme/letsencrypt to your private login page.

Can you share your nginx config?
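
The diagnosis above can be read straight off the acme.sh error line. The following is an added example, not part of the thread or of acme.sh or Ghost: it parses a "Verify error" line and reports whether the validation request ended somewhere other than /.well-known/acme-challenge/. The function name, the result keys and the second sample line are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"

# Shape of the acme.sh error line quoted in the thread:
#   <domain>:Verify error:Invalid response from <url> [<ip>]:
VERIFY_ERROR = re.compile(
    r"(?P<domain>[^\s:]+):Verify error:Invalid response from "
    r"(?P<url>\S+)(?: \[(?P<ip>[^\]]+)\])?"
)

def diagnose(line, webroot="/var/www/ghost/system/nginx-root"):
    """Describe what the CA fetched, or return None if not a verify error."""
    m = VERIFY_ERROR.search(line)
    if m is None:
        return None
    url = urlsplit(m.group("url"))
    direct = url.path.startswith(CHALLENGE_PREFIX)
    original = url.path if direct else None
    if not direct:
        # Redirected: the original challenge path may be carried in a query
        # parameter (parse_qs percent-decodes it), e.g. ?r=%2F.well-known%2F...
        for values in parse_qs(url.query).values():
            original = next(
                (v for v in values if v.startswith(CHALLENGE_PREFIX)), original)
    return {
        "domain": m.group("domain"),
        "ip": m.group("ip"),
        "final_path": url.path,        # where the request actually ended up
        "redirected": not direct,      # True means the app answered, not the webroot
        "original_path": original,
        "token": original[len(CHALLENGE_PREFIX):] if original else None,
        # webroot mode places the token file under <webroot>/.well-known/acme-challenge/
        "expected_file": f"{webroot}{original}" if original else None,
    }

# First line is copied from the thread; the second is constructed for contrast.
SAMPLE_LOG = [
    "[Wed Jun 17 01:13:52 UTC 2020] ghost.themetric.org:Verify error:Invalid response from http://ghost.themetric.org/private/?r=%2F.well-known%2Facme-challenge%2F40AgwTHbkZginHrTh1Wnsso8wpt0iidRzYsUr59gG3Y [45.32.218.227]:",
    "[Wed Jun 17 01:13:52 UTC 2020] blog.example.org:Verify error:Invalid response from http://blog.example.org/.well-known/acme-challenge/CONSTRUCTED_TOKEN [192.0.2.10]:",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(diagnose(line))
```

A result with "redirected" set to True and "final_path" of /private/ means the challenge request reached Ghost instead of being served from the webroot by nginx, which is why the nginx config is the next thing to inspect.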

@Hannah sorry for the delay!

root@metric:~# cat /etc/nginx/nginx.conf

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}