I ran into an issue with setting up Ghost on a Lightsail instance recently and just wanted to share the steps I went through in case anyone else had come across the issue.

I host my blog on an AWS Lightsail instance and I was getting two main issues when trying to set up a free SSL certificate (using LetsEncrypt) via Ghost CLI. The two main issues I was having were:

  1. I was getting a "took too long to respond" error when switching to SSL
  2. The non-www domain was getting the standard Nginx page instead of redirecting to the blog

I feel like both of these issues should be addressed in the Ghost CLI SSL setup process but once you know what the issue is, then it's fairly simple (if not a little fiddly) to resolve.

In this guide, I'll be going through the process of adding an SSL certificate to a Ghost blog on AWS Lightsail from start to finish so it's easier to follow.

Allow SSL connections to the Lightsail Instance

For reasons I don't understand, when creating a new instance on Lightsail, the default Networking rules don't allow incoming connections on port 443. This is the first thing we'll need to sort out.

  • Go to your Lightsail account page and click Manage on the server you want to run SSL on.
  • On the Networking tab, go down to Firewall and add a new rule which allows connections on port 443.

Tell Ghost to set up the SSL certificate

Now, using SSH, log in to the Lightsail server and navigate to the root folder of the Ghost installation (default location is /var/www/ghost).

Then type in ghost setup nginx ssl to allow ghost-cli to actually build the SSL certificate.

Once it's done, it will create a new config file in the system/files folder. Open that file and check that the references to the new SSL certificates are active. The CLI should tell you where the conf file is saved; usually it will be something like:

/var/www/ghost/system/files/[DOMAIN NAME]-ssl.conf

The LetsEncrypt SSL certificates are stored in /etc/letsencrypt so just make sure that the Ghost conf file is pointing to the right place and that those files actually exist.

Once it's run through the whole process, open config.production.json and change the url to your domain name, making sure it starts with https:// so that, once we're all set up, Ghost doesn't try to include anything over HTTP.

Run ghost restart and you should be done.
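
The two checks described above (the certificate files named in the generated conf actually exist, and the url in config.production.json uses https), written as a shell script. This is an added example, not part of the original post or of Ghost CLI; the function names are hypothetical and both file paths are passed in as arguments.

```shell
#!/bin/sh
# Added example (not from the original post or Ghost CLI); function names are hypothetical.

# Print each path named by an active (uncommented) ssl_certificate or
# ssl_certificate_key directive in the nginx conf file $1.
ssl_paths() {
    sed -n 's/^[[:space:]]*ssl_certificate\(_key\)\{0,1\}[[:space:]]\{1,\}\([^;[:space:]]*\);.*$/\2/p' "$1"
}

# Return 0 only if the conf names certificate files and each one exists and
# is non-empty. Run with sudo on a real server: key files are usually root-only.
check_ssl_conf() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    paths=$(ssl_paths "$1")
    [ -n "$paths" ] || { echo "no active ssl_certificate lines in $1" >&2; return 1; }
    status=0
    for p in $paths; do            # assumes the paths contain no spaces
        [ -s "$p" ] || { echo "missing or empty: $p" >&2; status=1; }
    done
    return "$status"
}

# Return 0 if the "url" value in config.production.json ($1) starts with https://
check_ghost_url() {
    grep -Eq '"url"[[:space:]]*:[[:space:]]*"https://' "$1"
}

# Usage: sh check-ssl.sh <ssl conf file> <config.production.json>
if [ "$#" -eq 2 ]; then
    check_ssl_conf "$1" && echo "certificate files present"
    check_ghost_url "$2" && echo "Ghost url uses https" || echo "Ghost url is not https" >&2
fi
```

A commented-out ssl_certificate line is ignored, so a conf whose certificate lines are all disabled fails the check instead of passing silently.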

Nginx redirects on non-www domains

So, the second part of the issue was that visiting jackwdavis.com resulted in a standard Nginx welcome page instead of redirecting to www.jackwdavis.com.

There are a couple of ways around this but I chose to add a simple Nginx redirect to the server which gave a 301 instruction to point to the www version of my domain name.

We'll need to create a new redirect.conf file so do that by running the following command:

sudo nano /etc/nginx/conf.d/redirect.conf

Then type in the following code and save the new file, making sure to substitute [DOMAIN NAME] with your actual domain name:

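server {
	# No listen directive: nginx defaults to port 80 (when started as root),
	# so this block only handles plain-HTTP requests for the bare domain
	server_name [DOMAIN NAME];
	# Permanent redirect to the www host, keeping the original path and query string
	return 301 $scheme://www.[DOMAIN NAME]$request_uri;
}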

It should be fairly self-explanatory what's happening here; we're just telling the server to automatically redirect any requests to view example.com to www.example.com with a 301 header. If you don't know, 301 redirects tell browsers and bots like Google's crawlers that this should be treated as a permanent URL redirection.

Note: if you wanted to redirect www domain names to non-www domains, just switch the order so server_name uses www.example.com and the return uses example.com.