Eric Brock

Fun with certs

Eric -

The cert on this blog expired earlier this year. Ghost uses acme.sh to renew certificates which runs on a cronjob. Ran into a weird issue where the script wouldn't renew the expired cert:

[Thu Oct 28 00:23:01 UTC 2021] Le_API
[Thu Oct 28 00:23:01 UTC 2021] Skip invalid cert for: blog.ericbrock.net
[Thu Oct 28 00:23:01 UTC 2021] Return code: 2
[Thu Oct 28 00:23:01 UTC 2021] Skipped blog.ericbrock.net

Fix steps:

  1. Move net-ssl.conf file to a safe place.
  2. Run ghost setup ssl again.
  3. Move net-ssl.conf back.
  4. Run nginx -s reload.

Might be related: https://github.com/acmesh-official/acme.sh/issues/2217