How to Fix SSL Certificate Renewal Issue on DigitalOcean Ghost Blog

I was checking out my blog after a couple of months and encountered an SSL error from Cloudflare. I logged into my DigitalOcean account after a long time to debug the issue.

The first thing that I found was that my ghost blog process was up and running. You can use the following command to check:

ghost ls

Got the following output which meant that my blog ghost instance was running fine.

Next, I tried doing running curl locally:

curl https://127.0.0.1

But I got the following error:

curl: (60) SSL certificate problem: certificate has expired

Next, I tried re-generating SSL using ghost command but it didn't work. Ghost skipped ssl setup step.

ghost setup ssl 

SSL has already been set up, skipping
ℹ Setting up SSL [skipped]

There was no other command to re-generate SSL directly via ghost command.

Solution

After some research, I found the solution to renew the SSL certificate manually using ACME.sh. Here’s the step-by-step process I followed to fix the SSL certificate renewal issue on my DigitalOcean-hosted Ghost blog.

Step 1: Ensure ACME.sh is Installed and Updated

First, I needed to ensure that ACME.sh was installed and updated. Since ACME.sh was already present in /etc/letsencrypt/acme.sh, I ran the following command to upgrade it:

sudo /etc/letsencrypt/acme.sh --upgrade --home "/etc/letsencrypt"

Step 2: Manually Renew the SSL Certificate

Next, I ran the command to manually renew the SSL certificate:

  sudo /etc/letsencrypt/acme.sh --cron --home "/etc/letsencrypt"

Step 3: Verify the Renewal

To confirm that the certificates had been renewed, I checked the certificate using the following output:

sudo /etc/letsencrypt/acme.sh --home "/etc/letsencrypt" --list

And got the following output which meant that the certificate had been renewed.

Step 4: Restart Ghost

After renewing the certificate, I needed to restart Ghost to apply the changes:

ghost restart

And that's it. Voila. All done.