Essentially, I installed Ghost on my new ubuntu 16.04 droplet over on Digital Ocean. Everything went smoothly until I was an idiot and inputted the wrong email address on the let’s encrypt setup part. At the time this email was not working and I did not and have still not received any emails regarding the domain. I tried changing the email address in the accounts.conf file in the directory /etc/letsencrypt. This did not work. And, I also tried running the following Certbot command with the following output:
As you can see from the output this did not work. Following this, I have also noticed HTTPS only works in chrome. In both firefox and edge, you can only connect to the site using HTTP which I don’t understand. When I check the domain on sslshopper.com it passes and says it has a certificate that runs out on 11/09/2018.
If you guys can help me fix these issues and change the email address associated with this so I get emails from Let’s encrypt about the domain that would be great.
Below is as much information as I could fill out from the questions.
I don't use ghost but seems they are using acme.sh to issue the certificates, checking the doc you should update your account email using this command:
I have entered the command you game me and have received the following output:
[Thu Jun 14 12:54:39 UTC 2018] Registering account
[Thu Jun 14 12:54:40 UTC 2018] Already registered
[Thu Jun 14 12:54:40 UTC 2018] ACCOUNT_THUMBPRINT='XXX'
There is string of characters in the account thumbprint bit, I just didn't know where it would be wise to put that publicly so I left it out.
Also, I had to sudo the command as without sudo it produced:
touch: cannot touch '/etc/letsencrypt/http.header': Permission denied
[Thu Jun 14 12:54:10 UTC 2018] Only RSA or EC key is supported.
Is this okay then? Sorry to ask questions that may be stupid just want to make sure it is okay.
Also, because the account is already registered going by that output will all future renewal notifications go to that email rather than the old one?
Would you be able to provide me with a command to do this so I can be sure I got it right? Probably take me hours to figure it out,
If acme.sh updated the account correctly and seems it did, then yes, you should receive future notifications in the new email address.
As you have already the cert, you could force the renew but as I said I don't use ghost so don't know whether this is the best way to do it. Anyway, you could try this command:
It seems to have worked. It issued me a new certificate on that domain. I have also restarted nginx and ghost.
And, the new certificate seems to be showing on Firefox and Edge so I'm going to say it has worked.
Thank you for all of your help. This has been baffling me since it happened. Hopefully, I should get the emails through close to the renewal time to see if that has worked and as I haven't seen any yet since I changed it.