Started a new blog on my server using the installation tool. Everything was running smoothly and I decided to setup ssl by running the ‘ghost setup ssl’ command.
After going through all of the steps and the tool finishing the setup, I changed my URL in ‘config.production.json’ to https. When I try and load my url it correctly redirects to https but it won’t load the page. Firefox is giving me the error “Secure Connection Failed. The connection to pudgyboston.com was interrupted while the page was loading. The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.”
I’m not great with nginx, but I have a feeling it’s something on that front. I saw a potential answer on github by removing my letsencrypt directory and trying again but I wanted to come here first before removing it
Slightly off topic, but I’m also trying to migrate a password protected site from apache to run on nginx alongside my blog. If anyone has any tips on how to accomplish this or link me to a guide that can help it would be greatly appreciated
I got frustrated and did a full ghost uninstall and apt-get purge of nginx and redid the entire setup, same problem. Is there something wrong with the ssl setup in the ghost cli?
You may have already tried this already, but I think that the SSL may have been setup correctly. I think what Ayu is saying is that you shouldn’t need to change the ‘config.production.json’ parameter for SSL to work; for me, that parameter is still pointing to the http address of my site even though I have SSL setup.
What I would suggest is to leave the ‘config.production.json’ unchanged and see if your site is still accessible over https. From the documentation at https://docs.ghost.org/docs/cli-setup, the https, SSL configuration is done over on the nginx side, which should forward the traffic to your local node process that is running the ghost blog webapp.
My config.production.json URL is back to http, but I’m still not able to load the https address. The http address loads fine, but Firefox is still saying the https site is not secure and won’t load the page.
I checked what version nginx was running on my debian server just in case that was below 1.9.5 but I’m showing version 1.10.3.
Are there any extra steps I need to do in nginx after running the cli-setup to get ssl working?
Progress, kinda sorta. These forums only let me paste one link, so I replaced pudgyboston.com with ‘my_url’. After looking through the error logs for nginx I’m getting
2018/06/19 15:14:47 [error] 13067#13067: *1 no "ssl_certificate" is defined in server listening on SSL port while SSL handshaking, client: 127.0.0.1, server: 0.0.0.0:443
Here’s the output for curl -vvv my_url
* Rebuilt URL to: my_url
* Trying *.*.*.*...
* TCP_NODELAY set
* connect to *.*.*.* port 443 failed: Connection refused
* Failed to connect to my_url port 443: Connection refused
* Closing connection 0
curl: (7) Failed to connect to my_url port 443: Connection refused
Can’t connect securely to this page
This might be because the site uses outdated or unsafe TLS security settings. If this keeps happening, try contacting the website’s owner.
I missed a chunk of this conversation, but one thing that I am noticing is that your “pudgyboston.com-ssl.conf” file is referencing a “fullchain.cer” file. Is that the name of the actual ssl certificate ? I also use Lets Encrypt, though with Apache, and the Apache equivalent of the Nginx parameter “ssl_certificate” points to a “fullchain.pem” file.
One thing that I should mention that there are different types of SSL cert file formats available, and I think here that the .PEM file type is most applicable.