Fix: Ghost behind Nginx with HTTPS and Let’s Encrypt
Symptom
Ghost is reachable locally on port 2368, but HTTPS does not work or Certbot fails to install the certificate.
Cause
Nginx is missing a proper server_name block matching the domain, preventing Certbot from attaching the certificate.
Solution
- Point the domain A record to the server IP.
- Create an Nginx server block with the correct
server_name. - Obtain the certificate using Certbot.
- Configure HTTPS with a reverse proxy to Ghost.
Nginx configuration
server { listen 80; server_name example.com www.example.com; return 301 https://$host$request_uri;
}server { listen 443 ssl http2; server_name example.com www.example.com; ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; location / { proxy_pass http://127.0.0.1:2368; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme;
}
}
Verify
curl -I https://example.com
Expected result:
HTTP/2 200
Notes
- Restart Nginx after changes.
- Ensure Ghost
urlsetting matches the HTTPS domain. - This fix is part of Fix Pack – Ghost behind Nginx.
Get all fixes in one place:
https://diorama0.gumroad.com/l/ptrzok