Self-hosted Ghost SSL not populating

I'm unable to figure out why the SSL won't load. I get a process error each time:

My domain is: bre-miche.com

I ran this command: ghost setup ssl

It produced this output:
Last login: Wed Apr 5 17:35:11 2023 from 198.211.111.194
root@ghostonubuntu2204-s-1vcpu-1gb-intel-nyc1-01:~# sudo -i -u ghost-mgr
ghost-mgr@ghostonubuntu2204-s-1vcpu-1gb-intel-nyc1-01:~$ cd /var/www/ghost/
ghost-mgr@ghostonubuntu2204-s-1vcpu-1gb-intel-nyc1-01:/var/www/ghost$ ghost setup ssl

? Enter your email (For SSL Certificate) bre@bre-miche.com

  • sudo /etc/letsencrypt/acme.sh --upgrade --home /etc/letsencrypt
  • sudo /etc/letsencrypt/acme.sh --issue --home /etc/letsencrypt --server letsencrypt --domain bre-miche.com --webroot /var/www/ghost/system/nginx-root --reloadcmd "nginx -s reload" --accountemail bre@bre-miche.com
    ✖ Setting up SSL
    One or more errors occurred.
  1. ProcessError

Message: Command failed: /bin/sh -c sudo -S -p '#node-sudo-passwd#' /etc/letsencrypt/acme.sh --issue --home /etc/letsencrypt --server letsencrypt --domain bre-miche.com --webroot /var/www/ghost/system/nginx-root --reloadcmd "nginx -s reload" --accountemail bre@bre-miche.com
[Thu Apr 6 04:03:34 UTC 2023] bre-miche.com:Verify error:66.111.4.54: Invalid response from http://bre-miche.com/.well-known/acme-challenge/3KjSPeCbX13KrlSmsFJzoLS6AJlE9ZIWK9t2KUsFYHg: 404
[Thu Apr 6 04:03:34 UTC 2023] Please add '--debug' or '--log' to check more details.
[Thu Apr 6 04:03:34 UTC 2023] See: How to debug acme.sh · acmesh-official/acme.sh Wiki · GitHub

[Thu Apr 6 04:03:29 UTC 2023] Using CA: https://acme-v02.api.letsencrypt.org/directory
[Thu Apr 6 04:03:29 UTC 2023] Single domain='bre-miche.com'
[Thu Apr 6 04:03:29 UTC 2023] Getting domain auth token for each domain
[Thu Apr 6 04:03:31 UTC 2023] Getting webroot for domain='bre-miche.com'
[Thu Apr 6 04:03:31 UTC 2023] Verifying: bre-miche.com
[Thu Apr 6 04:03:31 UTC 2023] Pending, The CA is processing your order, please just wait. (1/30)

Exit code: 1

Debug Information:
OS: Ubuntu, v22.04.1 LTS
Node Version: v16.17.0
Ghost Version: 5.42.0
Ghost-CLI Version: 1.24.0
Environment: production
Command: 'ghost setup ssl'

Additional log info available in: /home/ghost-mgr/.ghost/logs/ghost-cli-debug-2023-04-06T04_03_34_685Z.log

My web server is (include version): Ghost

The operating system my web server runs on is (include version): Ubuntu, v22.04.1 LTS

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don't know): I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Digital Ocean droplet web console

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): NA

Hi @BreMiche, and welcome to the LE community forum 🙂

#1 What do the acme.sh logs show?

#2 We should review the output of: nginx -T

3 Likes

Are you running acme.sh on your nginx server?

3 Likes

Is IP 66.111.4.54 the correct IP?

curl -Ii http://bre-miche.com/
HTTP/1.1 404 Not Found       <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Server: nginx
Date: Thu, 06 Apr 2023 16:18:55 GMT
Content-Type: text/html; charset=iso-8859-1
Connection: keep-alive
x-backend: web3
X-Frontend: frontend2
X-Trace-Id: ti_65deb2b15b832026473efaeedb25b066

You must have a working HTTP site before you can use HTTP-01 authentication to secure it.

3 Likes

To find your IP Addresses use

curl -4 ifconfig.co
curl -6 ifconfig.co

and/or

curl -4 ifconfig.io
curl -6 ifconfig.io

And please share the output.

2 Likes

So these are my IP addresses: IPv4 - 157.230.54.211
IPv6 couldn't connect to server

2 Likes

Yet the DNS Records show https://dnsspy.io/scan/bre-miche.com

https://unboundtest.com/m/A/bre-miche.com/3XDJBBBB

Query results for A bre-miche.com

Response:
;; opcode: QUERY, status: NOERROR, id: 52234
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;bre-miche.com.	IN	 A

;; ANSWER SECTION:
bre-miche.com.	0	IN	A	66.111.4.54

----- Unbound logs -----
Apr 06 16:49:06 unbound[1023177:0] notice: init module 0: validator
Apr 06 16:49:06 unbound[1023177:0] notice: init module 1: iterator

Let's Encrypt will validate the HTTP-01 challenge based on the IP address(es) the domain name resolves to. So it looks like there is a DNS configuration issue.

1 Like
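
The comparison made in the reply above, as an added example that is not part of the original thread: it parses dig-style answer text, extracts the domain's A records and compares them with the server's public IPv4 address before an HTTP-01 order is attempted. The function names `extract_a_records`, `classify_dns` and `preflight` are hypothetical; the sample values are the ones posted in this thread.

```shell
#!/bin/sh
# Added example: HTTP-01 pre-flight. Does the domain's A record point at this host?

# extract_a_records DOMAIN: read dig-style answer lines on stdin and print
# the address of every A record owned by DOMAIN.
extract_a_records() {
    awk -v name="$1." '
        /^;/ || NF < 4 { next }              # skip comment and blank lines
        tolower($1) == tolower(name) {
            # columns: name [ttl] [class] type rdata; locate the type column
            for (i = 2; i < NF; i++)
                if ($i == "A") { print $(i + 1); break }
        }'
}

# classify_dns SERVER_IP [RECORD...]: print a verdict and return
#   0 match (all records are this host)   1 mismatch (none are)
#   2 mixed (validation may hit another host)   3 no A record
classify_dns() {
    server_ip=$1; shift
    [ "$#" -gt 0 ] || { echo "no-a-record"; return 3; }
    hit=0; miss=0
    for ip in "$@"; do
        if [ "$ip" = "$server_ip" ]; then hit=$((hit + 1)); else miss=$((miss + 1)); fi
    done
    if [ "$miss" -eq 0 ]; then echo "match"; return 0; fi
    if [ "$hit" -eq 0 ]; then echo "mismatch"; return 1; fi
    echo "mixed"; return 2
}

# preflight DOMAIN SERVER_IP: answer text on stdin, verdict on stdout.
preflight() {
    # Unquoted on purpose: one argument per extracted address.
    classify_dns "$2" $(extract_a_records "$1")
}

# Values from the thread: the resolver's answer and the droplet's IPv4 address.
SAMPLE_ANSWER=';; QUESTION SECTION:
;bre-miche.com. IN A

;; ANSWER SECTION:
bre-miche.com. 0 IN A 66.111.4.54'

printf '%s\n' "$SAMPLE_ANSWER" | preflight bre-miche.com 157.230.54.211 || true

# Live use (needs network access):
#   dig +noall +answer A "$d" | preflight "$d" "$(curl -4 -s ifconfig.co)"
```

A `mismatch` or `mixed` verdict means the CA's validation request can land on a host that never received the challenge file, which is the 404 seen in the acme.sh output.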

I see now, let me see if I can fix this by changing that.

So I finally got it up, had to delete and create new A records and now SSL has been added. Thank you all for the assist!

5 Likes
