I'm dropping this here to help anyone who's like me and is spending hours trying to set up Let's Encrypt on their ghost blog that's running behind Cloudflare. After many painful hours I've finally managed to get it running. I may also be writing this so I can reference it myself in future if I ever need to re-install it or set up a new blog...

Disclaimer: I fully admit I'm a rookie at this stuff, and I'm still learning. If you've any suggestions for a better way of doing things, or if you see something I've done obviously wrong, please let me know in the comments or hit me up on twitter

Anyways, here's what I did.

  1. Visit this post on Robert Nealan's article about setting up a Ghost blog on a Digital Ocean Droplet. His steps are exactly what you'll need and he keeps the post updated as things develop on DigitalOcean. Follow his steps and you'll have a Ghost blog running on a DigitalOcean droplet.
  2. (Assuming you've set up your site on Cloudflare) - Visit this post on Cloudflare's support forum. Those steps get you a certificate working. The only part of this article that didn't work for me is the renewal part. Couldn't get it working. For that I used
  3. This post on the Let's Encrpyt forum. The one and only answer is the command that let me renew the cert.

To set that command to auto-renew my certificate, I used this code in my crontab. I'm new to cron jobs so I'm not 100% certain this will work, so will keep an eye on things over the next few months.

# Check every two months to renew cert
0 0 1 */2 * certbot renew --preferred-challenges http