Tutorial, Web

Ghost CLI - Auto-renewing Certificate

In my previous post, I mentioned how the auto-renewal feature is not working for my SSL cert and that I had to run a command manually to get it to go.

(Yeah, I know I said I didn't have time to dig in anymore, but it was bugging me to the point where I felt I needed to make time. *Sigh*.)

I found another command that actually utilizes the acme.sh script that Ghost sets up (instead of running the certbot command directly like I did in my last post) that I'm going to plug in here for my own reference later (which might help you, too):

/etc/letsencrypt/acme.sh --issue --home /etc/letsencrypt --domain www.abc.com --webroot /var/www/abc/system/nginx-root --reloadcmd "nginx -s reload" --accountemail <your email here>

Replace 'www.abc.com" with the domain for which you are renewing the certificate and the 'abc' portion of the '/var' path with the location of your site on disk.

Also, make sure you tack on your own admin email address at the end (though, I'm not 100% sure this parameter is necessary).

Now, if you look at the cron job (run the 'crontab -e' command) registered by the Ghost CLI, you'll see this:

"/etc/letsencrypt"/acme.sh --cron --home "/etc/letsencrypt" > /dev/null

This should be a more generic way of running the auto-renewal script and should update all of the sites on your box, but it wasn't working for me initially.

After running the command above and the one in my previous post, this now seems to work (as far as I can tell, anyway), so I don't think it's necessary to plug the command from above into cron in place of this (which is what I was going to do before I realized that this one now seems to be working).

I'm not sure if those other commands set something up that wasn't configured correctly from the start, but I'm hoping my auto-renewal problem is now fixed.

I guess I'll know here in about 3 months. :-)

(Header image by Hannah Joshua on Unsplash)

Author image

About Tony Thorsen

Father of two, husband of one, Maker of many things. Tinkerer, dreamer, pixel nudger.