Staff account activation link in email uses http instead of https

  • aboutmmt.au

  • 5.101.6

  • How was Ghost installed and configured?
    Self hosting, DigitalOcean 1-click setup

I am new to Ghost and Mailgun.

My setup uses SSL, i.e. https://aboutmmt.au/

I have set up Mailgun and can send newsletters from Ghost. :-)

But I have an issue with the Staff account Signup email.

As a test I added myself as a staff member using a different email to my Ghost account.

The email arrived. However, the activation link is http, not https, i.e.:

http://email.mg.aboutmmt.au/c/eJxMyUHPmjAYAOBfU258ad .... __8HP2ZE

and when I click it, Brave says: “Your connection is not private” and “net::ERR_CERT_COMMON_NAME_INVALID”

Shouldn’t the activation link default to https? Have I missed something in the setup?

I have verified the DNS settings and there is a CNAME record:

I am guessing the domain name email.mg.aboutmmt.au needs to be added to the nginx config?

If so what should I change it to? Do I do that manually or can I use the Ghost CLI? Or?

My config.production.json file for mail looks like:

  "mail": {
    "transport": "SMTP",
    "options": {
      "service": "Mailgun",
      "host": "smtp.mailgun.org",
      "port": 465,
      "secure": true,
      "auth": {
        "user": "noreply@mg.aboutmmt.au",
        "pass": "717a1 ... c5b4"
      }
    }
  },

Thanks,
Murray

Using dig email.mg.aboutmmt.au, we can see that this domain is a CNAME to mailgun.org, meaning it is controlled by Mailgun, not hosted by you.

I suspect that Mailgun rewrote those links for click tracking.

So either look in Mailgun for how to disable click tracking or look in Mailgun docs for how to enable HTTPS links for their click tracking. It will likely involve adding another DNS record to validate that you own the domain.

Ahhhh… yes, I see, thank you! I will report back once I work it out.
Murray
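
An added example, not part of the thread: a small check that can be run over the HTML body of a received email to spot links that were rewritten away from the site's own HTTPS host, as happened to the activation link above. The function name `audit_links`, the finding labels and the sample message (including its token) are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

SITE_HOST = "aboutmmt.au"  # the Ghost site discussed in the thread


class _LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML document."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)


def audit_links(html, site_host=SITE_HOST):
    """Return (url, findings) for each web link that is not HTTPS on site_host."""
    collector = _LinkCollector()
    collector.feed(html)
    report = []
    for href in collector.hrefs:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https"):
            continue  # mailto: and similar are out of scope
        host = parts.hostname or ""
        findings = []
        if parts.scheme == "http":
            findings.append("plain-http")
        if host != site_host:
            # A subdomain such as email.mg.<site> may be a CNAME to a third party.
            on_subdomain = host.endswith("." + site_host)
            findings.append("rewritten-to-subdomain" if on_subdomain else "foreign-host")
        if findings:
            report.append((href, findings))
    return report


# Constructed sample message body; the token is a placeholder, not a real one.
SAMPLE = """
<p><a href="http://email.mg.aboutmmt.au/c/CONSTRUCTED-TOKEN">Activate account</a></p>
<p><a href="https://aboutmmt.au/">Visit the site</a></p>
<p><a href="mailto:noreply@mg.aboutmmt.au">Contact</a></p>
"""

if __name__ == "__main__":
    for url, findings in audit_links(SAMPLE):
        print(url, ", ".join(findings))
```

A link flagged as both `plain-http` and `rewritten-to-subdomain` matches the click-tracking rewrite described in the reply; an empty report after changing the Mailgun settings means the links point at the site's own HTTPS host again.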