SSL did not auto-renew and it's saying Domain not pointing to correct IP

alex.f · September 13, 2019, 4:06pm

My domain is: https://blog.sellerssuite.com

Issue:
My ssl auto-renew didn’t work. So I attempted to manually renew the SSL. However, I kept getting this error. So I figured there was something wrong with the setup.I did a fresh instance and I’m still getting this error.

I’m using Route53 and I’m sure the correct IP address is showing and the DNS has propagated - you can see here DNS Checker - DNS Check Propagation Tool

It produced this output:
Your domain name is not pointing to the correct IP address of your server, check your DNS has propagated and run ghost setup ssl again

My web server is (include version):
Ubuntu 18.04

My hosting provider, if applicable, is:
AWS

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No

Has anyone experienced this issue? Any idea how to solve it?

Hannah · September 13, 2019, 4:09pm

Can you please provide the full output from ghost-cli, including any debug logs?

alex.f · September 13, 2019, 4:14pm

Full Output:
? Enter your email (For SSL Certificate) [email]

sudo /etc/letsencrypt/acme.sh --issue --home /etc/letsencrypt --domain blog.sellerssuite.com --webroot /var/www/ghost/system/nginx-root --reloadcmd “nginx -s reload” --accountemail [email]
Setting up SSL
One or more errors occurred.

SystemError

Message: Your domain name is not pointing to the correct IP address of your server, check your DNS has propagated and run ghost setup ssl again

Debug Information:
OS: Ubuntu, v18.04
Node Version: v10.16.3
Ghost-CLI Version: 1.11.0
Environment: production
Command: ‘ghost setup ssl’

This is the only log that I’m seeing:

sudo systemctl is-active ghost_blog-sellerssuite-com

alex.f · September 13, 2019, 4:28pm

Sorry for the trouble. It was a security group setting. I wasn’t allowing access to port 80. I guess it needed that to new the SSL cert.

jeff · September 15, 2019, 8:14pm

Certbot aka letsencrypt use http - port 80 for renewals. The ghost ssl certificate acme.sh is an old version with customisations - but I expect it has the same restriction.

You have to be a bit careful to keep http access to the .well-known folder available.

The certbot force-to-ssl for nginx is a poor implementation as it uses an IF statement - nginx IF statements should be avoided wherever possible.

Topic		Replies	Views
Can't install SSL while domain is pointing to correct IP Installation	1	989	August 1, 2018
SSL Autorenew failure - NET::ERR_CERT_DATE_INVALID Developer help	13	2104	November 11, 2019
New Ghost Install - SSL Failed Developer help	4	886	June 25, 2020
Stuck on setting up SSL and DNS Installation	9	2470	March 25, 2020
SSL ceritificate not renewing Developer help	1	807	May 12, 2019

SSL did not auto-renew and it's saying Domain not pointing to correct IP

Related Topics