Configuring HTTPS in a proper way is must for any site, as this can effect your blog/site traffic and can also effect your website rankings in Google and other search engines (SEO).

Luckily confiuring SSL on Ghost CMS is made so easy and breeze with Ghost CLI tool. It automatically takes care of everything to setup HTTPS on your Ghost Blog.

Configure HTTPS for non www version domain (example.com)

All you need to run is this one command.

ghost setup nginx ssl

This command will setup both nginx and letsencrypt for your non www version domain.

This command can setup all redirections for following cananical domains

http://example.com to https://example.com [200]
http://www.example.com to https://example.com [200]
https://example.com [200]

But cannot handle the following redirection

https://www.example.com to https://example.com [Browser Error]

This redirection will throw the following error

Error message
Hostname/IP does not match certificate's altnames: Host: www.example.com. is not in the cert's altnames: DNS:example.com

This is because the web browsers tries to validate the SSL certifcate before processing the redirection. Therefore, we need to have a valid SSL certificate for both our non-www (root domain) and our www domains.

To solve this issue all we need to do is to get the valid SSL certificate for our www domain from letsencrypt. To do that we need to change our website url temporarily to https://www.example.com. This can be done by following commands.

To run the commands you need to login into your Ghost User,  if you are using DigitalOcean then the username will be

ghost-mgr

su - <username>

Now Navigate to the root directory of the ghost install

cd /path/to-your-ghost-install/

Temporarily change website url to www version

ghost config url https://www.example.com

Get Valid SSL from LetsEncrypt with this following command

# Get Ghost-CLI to generate an SSL setup for you:
ghost setup nginx ssl

After getting your valid SSL revert to orignal website url

# Change your config back to your original root domain (with out www)
ghost config url https://example.com

Now we need to edit nginx config files to redirect the https://www.example.com to https://example.com

cd /etc/nginx/sites-enabled/

Find these two files www.example.conf and www.example.com-ssl.conf and edit them with you fav file editor and add the following line in location block in the config files.

return 301 https://example.com$request_uri;

This result of the edited config files should like this:

location / {
return 301 https://example.com.com$request_uri;
}

Now reload the nginx to take the effect of new redirections

sudo nginx -t 
sudo service nginx reload

That's it you have configured properly the ssl for your ghost blog.

Configure HTTPS for www version domain (www.example.com)

This process is same for both non www version and www version so just follow the non www version process mentioned above by replacing example.com with www.example.com and example.com with www.example.com