This blog is a ghost blog hosted on this Digital Ocean droplet.
To set up SSL, we just need to run one magical command as there's things already built in to ghost that will do the work for us:
ghost setup ssl
But to get to that point, you'll need to:
- connect to the server via command line
- change in to the directory where ghost is installed because we'll need to use the in built ghost config and setup, which for me is
/var/www/ghost
- change to a non-root user, so run
sudo su ghost-mgr
- use the in built ghost config and setup
ghost config url https://idontunderstand.it
ghost setup nginx ssl
ghost setup ssl
And that's it!
Though initially, with the above last command, at the time this post was published (on the leap day of 2020!) , i got an error about "could not get nonce".
So I added more logging with
run ghost setup ssl -Vh
Which told me to check the status of Let's Encrypt and go to https://letsencrypt.status.io/ - and sure enough, there was an "Issuance disruption" when I tried to set this up initially!
This disruption lasted quite a while so I tried again on another day. Searching online, there was a bug which caused this:
Update about 2020.02.29 CAA Rechecking Bug can be found here: https://t.co/A1KjbZ01oA
— Let's Encrypt (@letsencrypt) March 5, 2020
This bug reports says that:
"The proximate cause of the bug was a common mistake in Go: taking a reference to a loop iterator variable."
I wasn't affected for the revoking of certificates - just by the issuance of certificates being down.