I recently had to fix my Ghost setup because I had screwed up the SSL certificates the first time around. Rather than fiddle with things, I found it easiest just to reinstall and start from scratch.

Since the steps as described in my installation notes might help other Ghost noobs, I figured I'd post them.

Note: I opted to use DigitalOcean because it was much less expensive than my prior webhost, Site5. Digital Ocean also has excellent documentation and some easy software installation tools. I am not running any affiliate links to DigitalOcean so the mention of my host is not self-serving but rather for full transparency about my hosting setup.

Here's the step-by-step for configuring your domain and SSL certificate via DigitalOcean:

• Once you have setup a new Ghost droplet on DigitalOcean, have DigitalOcean manage the DNS for your blog (there are settings for this on the DigitalOcean dashboard).
• Create an A-name record for your canonical domain. This will be either your “naked domain” (e.g. mentalpivot.com in the case of my site) or “www.mentalpivot.com”. I setup mentalpivot.com as the A-name record. I setup a C-name record for www.mentalpivot.com since I want that domain to act as an alias.
• It takes time for your DNS records to propagate throughout the internet. You can check on the progress here https://www.whatsmydns.net
• After your DNS changes have propagated, you can complete your ghost droplet setup. You can find the instructions on what to do for this step here: https://marketplace.digitalocean.com/apps/ghost
• The process on the link above will setup an SSL certificate for you. Make sure you select your CANONICAL url when prompted for this information (e.g. mentalpivot.com).
• Note that Ghost can ONLY point to one root domain. More importantly, note that www.mentalpivot.com and mentalpivot.com are NOT THE SAME (I previously treated them as the same, but Ghost won’t. So make sure you understand this point). Also: you cannot use a domain wildcard (e.g. *.mentalpivot.com) in this specific environment (DigitalOcean, LetsEncrypt SSL and Ghost).
• Next make sure you follow the SSL instructions here for setting up a 2nd domain:  https://ghost.org/docs/api/v2/ghost-cli/knowledgebase/#ssl
• Note that the path to the files you need to edit when setting up the 301 redirect can be found in this section of the Ghost docs: https://ghost.org/docs/api/v2/ghost-cli/knowledgebase/#nginx
• Since most online answers assume you know what the heck these config files are supposed to look like, it’s confusing when you vi into the file and have no idea what to add and what to delete. This link above includes some examples from user vikaspotluri123 that are helpful: https://forum.ghost.org/t/how-do-i-do-a-301-redirect-via-nginx/942/3
• Note that the semi-colon is important at the end of the 301 redirect line. Do not omit or you will get Nginx errors.