Ghost install fails at SSL issuing, multiple times over

Help
1

Hello. I have tried and failed to install Ghost on a raspberry pi 5 via Ubuntu server multiple times now (using this guide). Most of the install goes fine, and running ghost ls shows a site running in production.

However, going to https://nicweyand.com gives nothing, and http://nicweyand.com gives " 502 Bad Gateway --- nginx/1.26.0 (Ubuntu)". Going direct to the IP address gives a "Welcome to nginx!" message.

I am fairly new to this, so please be gentle lol. I will add I have a pihole running on a seperate device, and have configured UFW rules to allow NGINX full on the Ghost pi, and seperated the pihole ports 80/443 to 8080/8443, but I cannot figure out if the pihole never updated from 80/443 -> 8080/8443, given I cannot figure out the way to update that and just hoped running sudo pihole -r would update it.

I also updated the port forwarding rules on my eero routers. 80/443 to the Ghost pi, 8080/8443 for the pihole.

My domain is: nicweyand.com

I ran this command:

ghost install

later

ghost setup ssl

Both produced this output:

? Enter your email (For SSL Certificate) [hiding this]
+ sudo /etc/letsencrypt/acme.sh --upgrade --home /etc/letsencrypt
? Sudo Password [hidden]
+ sudo /etc/letsencrypt/acme.sh --issue --home /etc/letsencrypt --server letsencrypt --domain nicweyand.com --webroot /var/www/nicweyand/system/nginx-root --reloadcmd "nginx -s reload" --accountemail [hiding this] --keylength 2048
✖ Setting up SSL
One or more errors occurred.

1) ProcessError

Message: Command failed: /bin/sh -c sudo -S -p '#node-sudo-passwd#'  /etc/letsencrypt/acme.sh --issue --home /etc/letsencrypt --server letsencrypt --domain nicweyand.com --webroot /var/www/nicweyand/system/nginx-root --reloadcmd "nginx -s reload" --accountemail nicweyand@protonmail.com --keylength 2048
[Mon Mar 24 18:25:36 EDT 2025] nicweyand.com: Invalid status. Verification error details: [ip address, dunno if I should have this]: Fetching http://nicweyand.com/.well-known/acme-challenge/[hiding this? should I lol? Eh, hiding for now] **Timeout during connect (likely firewall problem)** (emphasis mine)
[Mon Mar 24 18:25:36 EDT 2025] Please add '--debug' or '--log' to see more information.
[Mon Mar 24 18:25:36 EDT 2025] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh

[Mon Mar 24 18:25:22 EDT 2025] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Mon Mar 24 18:25:22 EDT 2025] Single domain='nicweyand.com'
[Mon Mar 24 18:25:23 EDT 2025] Getting webroot for domain='nicweyand.com'
[Mon Mar 24 18:25:23 EDT 2025] Verifying: nicweyand.com
[Mon Mar 24 18:25:24 EDT 2025] Pending. The CA is processing your order, please wait. (1/30)
[Mon Mar 24 18:25:26 EDT 2025] Pending. The CA is processing your order, please wait. (2/30)
[Mon Mar 24 18:25:29 EDT 2025] Pending. The CA is processing your order, please wait. (3/30)
[Mon Mar 24 18:25:31 EDT 2025] Pending. The CA is processing your order, please wait. (4/30)
[Mon Mar 24 18:25:34 EDT 2025] Pending. The CA is processing your order, please wait. (5/30)

Exit code: 1


Debug Information:
    OS: Ubuntu, v24.10
    Node Version: v20.19.0
    Ghost Version: 5.114.1
    Ghost-CLI Version: 1.27.0
    Environment: production
    Command: 'ghost setup ssl'

Additional log info available in: [basically the same as above]

My web server is (include version): nginx/1.26.0 (Ubuntu)

The operating system my web server runs on is (include version): Ubuntu

My hosting provider, if applicable, is: Self hosted on Raspberry Pi 5, but domain registered through GoDaddy (I didn't know what I was doing)

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): bash/terminal in ubuntu.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): whatever Ghost uses, plus the snap version to see if that helped (it did not)

Please help, this is the main point of failure for me after multiple, repeated failures, and I cannot get over this hump. I created this account to get help please help meeeeeeeeeeeeeeeeee!!!! Thank you in advance!!!!

2

I don’t find Linux mentioned here Ghost (disk utility) - Wikipedia, am I missing something?

3 Likes
3
3 Likes
4

Or is it this https://ghost.org/? Clearly the name Ghost is too overloaded.
Official Ghost + Let's Encrypt Integration

3 Likes
5

Right now from the public internet both HTTP and HTTPS fail.

HTTP times out see: Let's Debug

HTTPS connections are refused. See: SSL Checker

Are you sure your ISP allows inbound requests to you on port 80 ? If so, check any other network routing and/or port handling in your local network. For both 80 and 443.

I assume the '502' error you saw was when testing from inside your local network?

3 Likes
6

Yeah it just keeps failing, idk what I am doing wrong. I just uninstalled ghost from the Pi, gonna just pay for hosting. I have been failing at this step for months, and literally everything I do fails at the SSL step. There is nothing online to help me. Oh well. Thank you everyone for the assistance, I do appreciate it!

7

It will fail at the SSL Step if routine HTTP requests fail to reach your server.

I couldn't connect to your "home" page, for example

Are you sure your ISP allows connections inbound to you on port 80 and 443?

I see you removed your DNS A record for your domain so makes it a little difficult to help further. But, yeah, perhaps a hosted service that allows you to focus on the content rather than the technical bits would be better for you.

2 Likes
8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.