I’ve seen a few posts on this, but none of them seem to fix this issue that I’m having running ghost setup ssl. I suspect this is because I tried to set up SSL during the initial ghost install, however my domain was still propagating so it didn’t install properly, so now when I try to run it, I get Invalid response from http://admin.mydomain.com/.well-known/acme-challenge
Perhaps there is/needs to be a way to do ghost delete ssl and start over? Or is there another approach besides trying to upgrade letsencrypt/acme.sh? That didn’t work for me.
$ ghost setup ssl
? Enter your email (For SSL Certificate) stuart@myemail.com
+ sudo /etc/letsencrypt/acme.sh --issue --home /etc/letsencrypt --domain admin.mydomain.com --webroot /var/www/ghost/system/nginx-root --reloadcmd "nginx -s reload" --accountemail stuart@myemail.com
✖ Setting up SSL
One or more errors occurred.
1) ProcessError
Message: Command failed: /bin/sh -c sudo -S -p '#node-sudo-passwd#' /etc/letsencrypt/acme.sh --issue --home /etc/letsencrypt --domain admin.mydomain.com --webroot /var/www/ghost/system/nginx-root --reloadcmd "nginx -s reload" --accountemail stuart@myemail.com
[Thu Apr 16 18:26:25 UTC 2020] admin.mydomain.com:Verify error:Invalid response from http://admin.mydomain.com/.well-known/acme-challenge/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX [18.218.36.148]:
[Thu Apr 16 18:26:25 UTC 2020] Please add '--debug' or '--log' to check more details.
[Thu Apr 16 18:26:25 UTC 2020] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh
If ssl isn’t set up, there’s nothing to delete. Based on the output from the logs, it looks like your domain still isn’t set up
Ok. I was confused as to why there’s a /etc/letsencrypt/admin.mydomain.com directory. But if it’s not set up at all, then what could be the source of the error? I haven’t done anything strange. I followed the Ubuntu install docs.
Should there be a directory under /var/www/ghost like .well-known/acme-challenge/? Or how does that get resolved? When I put the full path into a browser I get a 404.
acme.sh internally handles all of this. Ghost provides the webroot (it’s in system/files iirc) to the script and the script handles creating and removing any files. The script is installed in /etc/letsencrypt
Thanks, @vikaspotluri123 I appreciate your help.
Something must serve up the file http://mydomain.com/.well-known/acme-challenge/. The only reference I can find anywhere to “well-known” is in system/files/mydomain.conf
location ~ /.well-known {
allow all;
}
Ghost doesn’t create system/files/.well-known even on a fresh ghost install following the Ubuntu instructions.
So either ghost or acme.sh is responsible for creating this, but I don’t know which and I don’t know how to resolve it. I can’t find any references to it in the github code.
Any ideas?
That’s correct, acme.sh does. You can try running the command manually:
sudo /etc/letsencrypt/acme.sh --issue --home /etc/letsencrypt --domain admin.mydomain.com --webroot /var/www/ghost/system/nginx-root --reloadcmd "nginx -s reload" --accountemail stuart@myemail.com
Yes @vikaspotluri123, this is precisely the command that does not work because it is looking for:
Verify error:Invalid response from http://admin.mydomain.com/.well-known/acme-challenge/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Which, if you put it in a browser, gives a 404.
acme.sh creates this file when LE asks for it, and regardless of the result deletes it
@vikaspotluri123 Turns out it was an issue with ghost.
In ghost/system/files/mydomain.com.conf I noticed this peculiar line:
server {
listen 80;
listen [::]:80;
server_name admin.tusklegacy.com;
root /var/www/ghost #system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)
So I uncommented it and turned it into:
server {
listen 80;
listen [::]:80;
server_name admin.tusklegacy.com;
root /var/www/ghost/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)
And it worked!
I believe either the script should change to automatically do this OR it should be written in the documentation. If it is, I can’t seem to find it.
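A preflight for the failure resolved above, added here as an example (not part of the original thread or of Ghost-CLI): it checks that the root nginx actually parses for the port-80 server block equals the --webroot handed to acme.sh, and can probe the challenge path over HTTP. The function names and sample configs are constructed for illustration, and it assumes one port-80 server block per config file.

```shell
#!/bin/sh
# Preflight for the acme.sh --webroot (HTTP-01) challenge behind nginx.

# Print the `root` of the port-80 server block, with comments stripped the
# way nginx reads the file, so a path cut short by a stray '#' is visible.
# Assumption: one port-80 server block per file.
nginx_http_root() {
    sed 's/#.*//' "$1" | awk '
        $1 == "listen" && $2 == "80;" { http = 1 }
        http && $1 == "root"          { sub(/;$/, "", $2); print $2; exit }
    '
}

# Succeeds only if nginx serves the directory acme.sh writes tokens into.
check_acme_webroot() {   # usage: check_acme_webroot <nginx.conf> <webroot>
    root=$(nginx_http_root "$1")
    if [ "$root" = "$2" ]; then
        echo "OK: nginx root matches acme.sh webroot $2"
    else
        echo "MISMATCH: nginx root '${root:-unset}' != acme.sh webroot '$2'"
        return 1
    fi
}

# Live check: place a probe file where acme.sh would and fetch it over HTTP.
probe_challenge_path() { # usage: probe_challenge_path <webroot> <domain>
    dir="$1/.well-known/acme-challenge"; name="probe-$$"; rc=0
    mkdir -p "$dir" && echo probe-ok > "$dir/$name" || return 2
    body=$(curl -fsS --max-time 10 \
        "http://$2/.well-known/acme-challenge/$name") || rc=$?
    rm -f "$dir/$name"
    [ "$rc" -eq 0 ] && [ "$body" = "probe-ok" ]
}

# Write a constructed port-80 server block with the given root line.
write_conf() {           # usage: write_conf <file> <root line>
    printf 'server {\n    listen 80;\n    listen [::]:80;\n    %s\n}\n' "$2" > "$1"
}

# Constructed samples: the broken root line from the thread and the fix.
demo_dir=$(mktemp -d)
write_conf "$demo_dir/broken.conf" 'root /var/www/ghost #system/nginx-root; # acme.sh'
write_conf "$demo_dir/fixed.conf"  'root /var/www/ghost/system/nginx-root; # acme.sh'
check_acme_webroot "$demo_dir/broken.conf" /var/www/ghost/system/nginx-root || true
check_acme_webroot "$demo_dir/fixed.conf"  /var/www/ghost/system/nginx-root
rm -rf "$demo_dir"
```

On a real host, run probe_challenge_path with the webroot and domain from the failing acme.sh command; a non-zero result reproduces the 404 seen in the browser without spending a Let's Encrypt validation attempt.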
That’s really weird! You can see the template that the CLI uses to generate config files here:
Moreover, nginx should have complained about the config file since root /var/www/ghost #... isn’t valid syntax
Whatever the case, I’m glad you got it working
Next time I’ll try that. The docs I was following had ghost setup ssl. But I got it working anyway.
During the execution of ghost install, Setting up SSL failed, and the error is as follows:
1) ProcessError
Message: Command failed: /bin/sh -c sudo -S -p '#node-sudo-passwd#' /etc/letsencrypt/acme.sh --issue --home /etc/letsencrypt --server letsencrypt --domain ifree.love --webroot /var/www/ifree.love/system/nginx-root --reloadcmd "nginx -s reload" --accountemail xxx@example.com
[Wed 22 Mar 2023 11:03:53 AM CST] iffree.love:Verify error:182.160.6.95: Invalid response from http://ifree.love/.well-known/acme-challenge/KbiMB863ztprY40D9uAOM1aC6IB_gNl3-kYWU2Lp40Q:
[Wed 22 Mar 2023 11:03:53 AM CST] Please add '--debug' or '--log' to check more details.
[Wed 22 Mar 2023 11:03:53 AM CST] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Wed 22 Mar 2023 11:03:47 AM CST] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Wed 22 Mar 2023 11:03:47 AM CST] Create account key ok.
[Wed 22 Mar 2023 11:03:47 AM CST] Registering account: https://acme-v02.api.letsencrypt.org/directory
[Wed 22 Mar 2023 11:03:48 AM CST] Registered
[Wed 22 Mar 2023 11:03:48 AM CST] ACCOUNT_THUMBPRINT='FyfQubkq7KUn3fHsqooZmhKctgFpFtXJsIyJzkT8gtU'
[Wed 22 Mar 2023 11:03:48 AM CST] Creating domain key
[Wed 22 Mar 2023 11:03:48 AM CST] The domain key is here: /etc/letsencrypt/ifree.love/ifree.love.key
[Wed 22 Mar 2023 11:03:48 AM CST] Single domain='ifree.love'
[Wed 22 Mar 2023 11:03:49 AM CST] Getting domain auth token for each domain
[Wed 22 Mar 2023 11:03:50 AM CST] Getting webroot for domain='ifree.love'
[Wed 22 Mar 2023 11:03:50 AM CST] Verifying: iffree.love
[Wed 22 Mar 2023 11:03:50 AM CST] Pending, The CA is processing your order, please just wait. (1/30)
Exit code: 1
How should I solve it?
I have executed related commands of acme before, is it related?
sudo curl https://get.acme.sh | sh -s email=xxx@example.com
acme.sh --register-account --server zerossl \
--eab-kid xALY5uL-qU5cS7RwfA_QEA \
--eab-hmac-key KetWJRV42GUfCznQWDci9_rddZbAXLYNESlK0RcfjJ4c6FaQVx7BRaD_kjwwq0BnYK2JrduCW6tCljwvSxRpeQ
Where is ghost/system/files/mydomain.com.conf? I did not find it.