Self-hosted Ghost ssl not populating

I'm unable to figure out why the SSL won't load. I get a process error each time:

My domain is:

I ran this command: ghost setup ssl

It produced this output:
Last login: Wed Apr 5 17:35:11 2023 from
root@ghostonubuntu2204-s-1vcpu-1gb-intel-nyc1-01:~# sudo -i -u ghost-mgr
ghost-mgr@ghostonubuntu2204-s-1vcpu-1gb-intel-nyc1-01:~$ cd /var/www/ghost/
ghost-mgr@ghostonubuntu2204-s-1vcpu-1gb-intel-nyc1-01:/var/www/ghost$ ghost setup ssl

? Enter your email (For SSL Certificate)

  • sudo /etc/letsencrypt/ --upgrade --home /etc/letsencrypt
  • sudo /etc/letsencrypt/ --issue --home /etc/letsencrypt --server letsencrypt --domain --webroot /var/www/ghost/system/nginx-root --reloadcmd "nginx -s reload" --accountemail
    :heavy_multiplication_x: Setting up SSL
    One or more errors occurred.
  1. ProcessError

Message: Command failed: /bin/sh -c sudo -S -p '#node-sudo-passwd#' /etc/letsencrypt/ --issue --home /etc/letsencrypt --server letsencrypt --domain --webroot /var/www/ghost/system/nginx-root --reloadcmd "nginx -s reload" --accountemail
[Thu Apr 6 04:03:34 UTC 2023] error: Invalid response from 404
[Thu Apr 6 04:03:34 UTC 2023] Please add '--debug' or '--log' to check more details.
[Thu Apr 6 04:03:34 UTC 2023] See: How to debug · acmesh-official/ Wiki · GitHub

[Thu Apr 6 04:03:29 UTC 2023] Using CA:
[Thu Apr 6 04:03:29 UTC 2023] Single domain=''
[Thu Apr 6 04:03:29 UTC 2023] Getting domain auth token for each domain
[Thu Apr 6 04:03:31 UTC 2023] Getting webroot for domain=''
[Thu Apr 6 04:03:31 UTC 2023] Verifying:
[Thu Apr 6 04:03:31 UTC 2023] Pending, The CA is processing your order, please just wait. (1/30)

Exit code: 1

Debug Information:
OS: Ubuntu, v22.04.1 LTS
Node Version: v16.17.0
Ghost Version: 5.42.0
Ghost-CLI Version: 1.24.0
Environment: production
Command: 'ghost setup ssl'

Additional log info available in: /home/ghost-mgr/.ghost/logs/ghost-cli-debug-2023-04-06T04_03_34_685Z.log

My web server is (include version): Ghost

The operating system my web server runs on is (include version): Ubuntu, v22.04.1 LTS

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don't know): I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Digital Ocean droplet web console

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): NA

Hi @BreMiche, and welcome to the LE community forum :slight_smile:

#1 What do the logs show?

#2 We should review the output of: nginx -T


Are you running on your nginx server?


Is IP the correct IP?:

curl -Ii
HTTP/1.1 404 Not Found       <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Server: nginx
Date: Thu, 06 Apr 2023 16:18:55 GMT
Content-Type: text/html; charset=iso-8859-1
Connection: keep-alive
x-backend: web3
X-Frontend: frontend2
X-Trace-Id: ti_65deb2b15b832026473efaeedb25b066

You must have a working HTTP site before you can use HTTP-01 authentication to secure it.


To find your IP Addresses use

curl -4
curl -6


curl -4
curl -6

And please share the output.


So this is my IP addresses: iv4 -
iv6 couldn't connect to server


Yet the DNS Records show DNS Spy report for

Query results for A

;; opcode: QUERY, status: NOERROR, id: 52234
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;	IN	 A


----- Unbound logs -----
Apr 06 16:49:06 unbound[1023177:0] notice: init module 0: validator
Apr 06 16:49:06 unbound[1023177:0] notice: init module 1: iterator

Let's Encrypt will validate the HTTP-01 challenge based off of what the Domain Name resolve IP Address(es). So it looks like there is a DNS Configuration issue.

1 Like

I see now, let me see if I can fix this by changing that.

So I finally got it up, had to delete and create new A records and now SSL has been added. Thank you all for the assist!


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.