Good day!

I have been trying out Ghost with my domain for a while now! I never knew about the Let's Encrypt rate limit, so I messed things up by installing and uninstalling repeatedly till I couldn't get another SSL from Let's Encrypt again!

I'm currently trying to reinstall and use it for real now but Let's Encrypt wouldn't issue me another SSL certificate. I waited for some days already and they still wouldn't give me one!

I managed to get an SSL certificate manually from ZeroSSL but couldn't install it due to my unfamiliarity with Nginx and SSL certificates in general!!

I tried installing acme.sh manually and set the default server to ZeroSSL, but whenever I run ghost setup ssl it still uses Let's Encrypt!

I was thinking of manually creating a configuration file in /etc/nginx/sites-enabled like steptzi.com.ng.conf and linking the one I had gotten manually!!

Please can anyone here explain to me how to configure the SSL certificate for both the WWW and non-WWW versions of my domain with ZeroSSL or maybe acme.sh?

Ghost config.production.json:

{
  "url": "https://steptzi.com.ng",
  "server": {
    "port": 2368,
    "host": "127.0.0.1"
  },
  "database": {
    "client": "mysql",
    "connection": {
      "host": "localhost",
      "user": "ghost-39",
      "password": "3qQ&7\"lA:Oo^,OanH:MH",
      "database": "ghost_prod"
    }
  },
  "mail": {
    "transport": "Direct"
  },
  "logging": {
    "transports": [
      "file",
      "stdout"
    ]
  },
  "process": "systemd",
  "paths": {
    "contentPath": "/var/www/ghost/content"
  }
}

steptzi.com.ng.conf

server {
    listen 80;
    listen [::]:80;

    server_name steptzi.com.ng;
    root /var/www/ghost/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:2368;

    }

    location ~ /.well-known {
        allow all;
    }

    client_max_body_size 50m;
}

1 Answer

Okay, so I figured it out!!

Steps:

After downloading your certificate, you should have a ZIP containing the following certificate files:

certificate.crt
ca_bundle.crt
private.key
  • Unzip the SSL file and upload it to the server, maybe through FileZilla
  • NGINX requires all .crt files to be merged to allow SSL installation. You will need to run the following command to merge your certificate.crt and ca_bundle.crt files.
cat ca_bundle.crt >> certificate.crt
  • Move certificate.crt and private.key to /etc/ssl - sudo mv certificate.crt /etc/ssl and sudo mv private.key /etc/ssl
  • Edit configuration file at /etc/nginx/sites-enabled/your-domain.com.conf

Add this immediately after the listen [::]:80; line

# TLS is enabled by the "ssl" flag on the listen line; "ssl on;" would also turn it on for port 80
listen               443 ssl;

ssl_certificate      /etc/ssl/certificate.crt;
ssl_certificate_key  /etc/ssl/private.key;

Your code should be similar to this now:

server {
    listen 80;
    listen [::]:80;

    # TLS is enabled by the "ssl" flag on the listen line; "ssl on;" would also turn it on for port 80
    listen               443 ssl;

    ssl_certificate      /etc/ssl/certificate.crt;
    ssl_certificate_key  /etc/ssl/private.key;

    server_name your-domain.com.ng;
    root /var/www/ghost/system/nginx-root; # Used for acme.sh SSL verification (https://acme.sh)

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:2368;

    }

    location ~ /.well-known {
        allow all;
    }

    client_max_body_size 50m;
}
  • Restart the server
sudo /etc/init.d/nginx restart
  • DONE!!!!
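
The merge step from the answer above, as an added example that is not part of the original answer: it writes the leaf certificate and the CA bundle to a new file, guards against a missing trailing newline gluing two PEM markers together, and can check that the private key belongs to the certificate. The function names and the bundle.crt output name are assumptions; key_matches needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example: build and check the nginx bundle from ZeroSSL's files.
# Output and function names are assumptions, not from the answer.
set -eu

# merge_chain LEAF BUNDLE OUT: leaf certificate first, then the CA bundle,
# written to a new file so no input is read and appended to at once.
merge_chain() {
    mc_leaf=$1 mc_bundle=$2 mc_out=$3
    if [ ! -s "$mc_leaf" ] || [ ! -s "$mc_bundle" ]; then
        echo "merge_chain: missing or empty input" >&2; return 1
    fi
    if [ "$mc_out" = "$mc_leaf" ] || [ "$mc_out" = "$mc_bundle" ]; then
        echo "merge_chain: output must be a new file" >&2; return 1
    fi
    mc_tmp=$(mktemp "$mc_out.XXXXXX") || return 1
    # awk ends every line with a newline (and drops CRs), so a leaf file with
    # no trailing newline cannot glue its END marker to the next BEGIN marker.
    if awk '{ sub(/\r$/, ""); print }' "$mc_leaf" "$mc_bundle" > "$mc_tmp"; then
        mv "$mc_tmp" "$mc_out"
    else
        rm -f "$mc_tmp"; return 1
    fi
}

# check_chain FILE: succeeds only if FILE holds at least two certificates and
# every BEGIN/END marker sits alone on its line.
check_chain() {
    if grep -q -- '-----END CERTIFICATE-----.*-----BEGIN' "$1"; then
        echo "check_chain: markers glued on one line" >&2; return 1
    fi
    cc_begin=$(grep -c -- '^-----BEGIN CERTIFICATE-----$' "$1" || true)
    cc_end=$(grep -c -- '^-----END CERTIFICATE-----$' "$1" || true)
    [ "$cc_begin" -ge 2 ] && [ "$cc_begin" -eq "$cc_end" ]
}

# key_matches CERT KEY: first certificate's public key must equal KEY's (needs openssl).
key_matches() {
    km_cert=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    km_key=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$km_cert" = "$km_key" ]
}

# Usage: sh merge.sh certificate.crt ca_bundle.crt bundle.crt [private.key]
if [ "$#" -ge 3 ]; then
    merge_chain "$1" "$2" "$3"
    check_chain "$3"
    [ "$#" -lt 4 ] || key_matches "$3" "$4"
fi
```

Move the resulting bundle to the path that ssl_certificate points at, and run sudo nginx -t before the restart so a bad bundle or key path is caught while the old configuration is still serving. The private key should be readable by root only (chmod 600).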