The Ghost initial setup has been great. I am running a v5.40.2 on a Ubuntu 22.04 server.
However, I then tried to add an A record for an external IP address in my DNS settings, pointing it to a subdomain (example.mydomain.com). The SSL validation then failed in the browser, though I do not know the cause.
I attempted to add the subdomain in a similar fashion shown here but later realized I do not want to do this:
ghost config url https://example.mydomain.com // not a www.* subdomain
ghost setup nginx ssl
ghost config url https://mydomain.com
I have not run this command yet to set the new [undesired] configuration.
sudo nginx -s reload
Is there anything I can do to undo this new configuration? I do not know if it would it be safe to simply remove the nginx configuration like this or if there are additional considerations to be made (e.g. for the ssl portion of ghost setup ...)?
Thank you, that’s not quite what I was asking though there was some useful information in there!
I’m trying to add an A list record for another subdomain other than Ghost. Ghost is configured on my root domain but I would like to add another service at example.mydomain.com which points to an IPv4 address.
However, when I do this simply through my DNS provider it appears there is no SSL certificate configured, with the browser showing:
Your connection is not private
Attackers might be trying to steal your information from example.mydomain.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID
The tutorials I see from the service seem to indicate it should work as expected but I’ve noticed non-supported subdomains (i.e. abc.mydomain.com) do not show [as expected] but use a plain http:// connection. It seems like there should be a way to support https:// on the entire domain, rather an explicitly defined subdomains…? (in the manner shown in the explicitly defined subdomains section here)
I was wondering if I you might know what to do with the nginx and/or ssl configurations to make this work?
I’m still uncertain what you are trying to achieve. From what I gather, you have a Ghost site working okay on the bare domain, and want to set up another using a subdomain. Is this correct? Additionally, do you intend using Ghost with the subdomain?
I think I found the problem: Let’s Encrypt will only certify content derived from the host. I think I will need to find another certificate authority to provide one that can verify content from an external IP address.
For additional context, here’s the command I gave to try and the response it gave:
$ sudo certbot certonly --webroot -d example.mydomain.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for example.mydomain.com
Input the webroot for example.mydomain: (Enter 'c' to cancel): var/www/example.mydomain.com/html
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Detail: XX.XX.XXX.XX: Invalid response from http://example.mydomain.com/.well-known/acme-challenge/rz-DO0t34GNh8lHc3ynpn5n_BFQnfC15SE1DcL7TWjo: 404
Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
You haven’t stated what the other “server” is, but if you’re proxying the service from the same server as you’re running Ghost, then the A record should point to this server, and the certificate can be issued.
Otherwise, request the certificate from the origin server.