Fixing an expired Ghost SSL certificate

Cause

Ghost actually renews the certificate automatically. You can view the scheduled job with the following command:

$ sudo crontab -l
56 7 * * * "/etc/letsencrypt"/acme.sh --cron --home "/etc/letsencrypt" > /dev/null

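If you see this output, automatic renewal is set up. However, according to what people say online, Ghost does not upgrade /etc/letsencrypt/acme.sh in time, which causes the renewal to fail, or something along those lines.

I saw that account.conf in the same directory contains this line: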

#AUTO_UPGRADE="1"

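Auto-upgrade is commented out by default, but I can't be 100% sure that uncommenting it will make it upgrade automatically. I don't really understand the details, so I won't say more; I'm just mentioning it.

Solution

In short, you need to upgrade acme.sh and then restart Ghost.

1. Go to the acme.sh directory: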

$ cd /etc/letsencrypt

2. Back up the original file:

$ sudo cp acme.sh acme.sh.bk

3. Upgrade:

root@ghost:/etc/letsencrypt# sudo ./acme.sh --upgrade
touch: cannot touch '/root/.acme.sh/http.header': No such file or directory
./acme.sh: line 7046: cd: /root/.acme.sh: No such file or directory
[Thu 01 Aug 2024 07:20:53 AM CEST] Installing from online archive.
[Thu 01 Aug 2024 07:20:53 AM CEST] Downloading https://github.com/acmesh-official/acme.sh/archive/master.tar.gz
touch: cannot touch '/root/.acme.sh/http.header': No such file or directory
[Thu 01 Aug 2024 07:20:54 AM CEST] Extracting master.tar.gz
[Thu 01 Aug 2024 07:20:55 AM CEST] It is recommended to install socat first.
[Thu 01 Aug 2024 07:20:55 AM CEST] We use socat for the standalone server, which is used for standalone mode.
[Thu 01 Aug 2024 07:20:55 AM CEST] If you don't want to use standalone mode, you may ignore this warning.
[Thu 01 Aug 2024 07:20:55 AM CEST] Installing to /root/.acme.sh
[Thu 01 Aug 2024 07:20:56 AM CEST] Installed to /root/.acme.sh/acme.sh
[Thu 01 Aug 2024 07:20:58 AM CEST] bash has been found. Changing the shebang to use bash as preferred.
[Thu 01 Aug 2024 07:20:59 AM CEST] OK
[Thu 01 Aug 2024 07:20:59 AM CEST] Install success!
[Thu 01 Aug 2024 07:20:59 AM CEST] Upgrade success!

4. The upgraded file is placed under the home directory, so copy it over:

$ sudo cp ~/.acme.sh/acme.sh .

5. Run the scheduled job manually once. Remember to add --force; for the reason, see: sudo · acmesh-official/acme.sh Wiki

My output looked like this:

root@ghost:/etc/letsencrypt# sudo "/etc/letsencrypt"/acme.sh --cron --home "/etc/letsencrypt"
[Thu 01 Aug 2024 07:23:24 AM CEST] ===Starting cron===
[Thu 01 Aug 2024 07:23:24 AM CEST] Renewing: 'ghost.bookstreet.top'
[Thu 01 Aug 2024 07:23:24 AM CEST] Renewing using Le_API=https://acme-v02.api.letsencrypt.org/directory
[Thu 01 Aug 2024 07:23:24 AM CEST] Skipping. Next renewal time is: 2024-09-14T15:44:06Z
[Thu 01 Aug 2024 07:23:24 AM CEST] Add '--force' to force renewal.
[Thu 01 Aug 2024 07:23:24 AM CEST] Skipped ghost.bookstreet.top
[Thu 01 Aug 2024 07:23:24 AM CEST] ===End cron===

6. Restart Ghost:

$ cd /var/www/ghost
$ ghost restart
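
The cron entry shown above sends all acme.sh output to /dev/null, so a failed renewal goes unnoticed until the certificate has expired. The following check is an added example, not part of the original post or of Ghost or acme.sh: it reports how close a PEM certificate is to expiry. The function name check_cert_expiry and the 14-day default are assumptions, and the certificate path must be supplied by the reader because the post does not give one.

```shell
#!/bin/sh
# Added example: report how close a PEM certificate is to expiry.
# Exit status: 0 = valid beyond the threshold
#              1 = expires within the threshold
#              2 = already expired
#              3 = file missing or not a parseable certificate
check_cert_expiry() {
    cert_file=$1
    warn_days=${2:-14}   # assumed default threshold, in days

    # Reject anything openssl cannot parse as an X.509 certificate.
    if ! end_date=$(openssl x509 -in "$cert_file" -noout -enddate 2>/dev/null); then
        echo "UNREADABLE: $cert_file"
        return 3
    fi
    end_date=${end_date#notAfter=}

    # -checkend N exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$cert_file" -noout -checkend 0 >/dev/null 2>&1; then
        echo "EXPIRED: $cert_file (notAfter $end_date)"
        return 2
    fi
    if ! openssl x509 -in "$cert_file" -noout \
            -checkend $((warn_days * 86400)) >/dev/null 2>&1; then
        echo "EXPIRING within $warn_days days: $cert_file (notAfter $end_date)"
        return 1
    fi
    echo "OK: $cert_file (notAfter $end_date)"
    return 0
}

# When called with arguments, behave as a command:
#   ./check_cert.sh /path/to/certificate.pem 14
if [ "$#" -ge 1 ]; then
    check_cert_expiry "$@"
fi
```

Run it from a separate cron entry whose output is mailed or logged rather than discarded, so a non-zero status is seen before visitors see a browser warning.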