Trellis DO SSL Upgrade

To upgrade a Trellis setup on a Digital Ocean Droplet so that every URL is served over secure https (SSL), several steps need to be taken. Let me take you through them.

Backup Digital Ocean Droplet

Take a snapshot of the server as a backup via the Digital Ocean Control Panel. This will take 10-20 minutes on a running server. It is probably quicker when the server is shut down, but we often don’t want that to happen.

Database Backup

Back up the database using Sequel Pro or MySQL Workbench, so that we have not just a server backup but a database backup as well. In the case of a multisite that could mean backing up over 250 tables, as it did for the migration to SSL described in this blog post.

Update Trellis to Latest

Make sure you upgrade Trellis to the latest version while you are at it. Sometimes your Trellis is too outdated, and then Let’s Encrypt SSL will work with old background checks and fail to work properly. The post I just linked to goes through all the steps. Basically you need to add the Trellis repo as a new upstream remote, fetch it and then merge it with your own repo. Once that is done you can run:
ansible-playbook server.yml -e env=environment

Make sure you get all green, like:

PLAY RECAP ********************************************************************************************************
xxx.xxx.xxx.xx             : ok=95  changed=6    unreachable=0    failed=0   
localhost                  : ok=0    changed=0    unreachable=0    failed=0   

Activate SSL and Provision SSL

To activate SSL and have Let’s Encrypt SSL work on your server, edit /Users/jasper/webdesign/uniquehotelspa.com/uniquehotelspa-com/trellis/group_vars/production/wordpress_sites.yml and set:

ssl:
  enabled: true
  provider: letsencrypt

Once that is done and pushed to GitHub you can run:
ansible-playbook server.yml -e env= --tags letsencrypt

Database Search and Replace

To replace the non-secure http URLs in the database with https SSL URLs, we ssh into the Trellis box and do a search and replace with WordPress CLI. We talked about it for changing a .dev URL into a .com URL before, but now we will change the protocol to https.
We will start with this test command:
wp search-replace 'http://domain.com' 'https://domain.com' --skip-columns=guid --dry-run
This shows the changes that will be made to turn all links into https links. Once you are satisfied with the changes to be made, you can drop --dry-run and actually execute the command to make the database changes:
wp search-replace 'http://domain.com' 'https://domain.com' --skip-columns=guid
Once this is done, all non-secure links should be secure.

Multi Site

If you are using multisite, please use:

wp search-replace --network http://domain.com https://domain.com --skip-columns=guid --dry-run

Mixed Content Check

Although all should be well by now, do check for mixed content. There can always be some elements that somehow bypassed the changes made. Mixed content means that you, for example, still have fonts loaded over http. Anything still loaded over http will cause the green lock not to appear in your browser address bar. Use the Chrome inspector to find the issue in question and address it appropriately.
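
A scripted complement to the inspector check above, added here as an example (it is not code from the original post): it parses a page's HTML and lists subresources still referenced over http://, while ignoring plain links, which are not mixed content. The sample HTML and the example.com host names are constructed; in practice you would feed it the saved HTML of your own pages.

```python
from html.parser import HTMLParser

# Constructed sample page (an assumption, not from the post): leftovers after search-replace.
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="http://fonts.example.com/css?family=Lato">
<link rel="canonical" href="http://domain.com/">
<script src="https://domain.com/app/themes/sage/dist/main.js"></script>
<script src="http://cdn.example.com/lib.js"></script>
</head><body>
<a href="http://other.example.org/">plain link, not mixed content</a>
<img src="http://domain.com/app/uploads/logo.png"
     srcset="https://domain.com/a.png 1x, http://domain.com/b.png 2x">
<iframe src="//player.example.com/embed/1"></iframe>
</body></html>
"""

# Tags whose URL attribute makes the browser fetch a subresource.
ACTIVE = {"script", "iframe", "embed", "object"}  # scripts, frames, plugins
PASSIVE = {"img", "audio", "video", "source"}     # display content

class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # list of (kind, tag, url)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        urls = [a.get("src", ""), a.get("data", "")]
        # srcset is a comma-separated list of "url descriptor" pairs
        urls += [c.split()[0] for c in a.get("srcset", "").split(",") if c.strip()]
        kind = "active" if tag in ACTIVE else "passive" if tag in PASSIVE else None
        if tag == "link" and "stylesheet" in a.get("rel", "").lower().split():
            kind, urls = "active", [a.get("href", "")]
        if kind is None:
            return  # <a href>, rel=canonical etc. are navigation, not subresources
        for url in urls:
            # Protocol-relative (//host/...) URLs inherit https, so only http:// counts.
            if url.strip().lower().startswith("http://"):
                self.findings.append((kind, tag, url.strip()))

def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    return finder.findings

if __name__ == "__main__":
    for kind, tag, url in find_mixed_content(SAMPLE_HTML):
        print(f"{kind:8} <{tag}> {url}")
```

This only sees URLs present in the HTML itself; resources pulled in from inside stylesheets or by scripts at runtime still need the browser inspector.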
Jasper Frumau

Jasper has been working with web frameworks and applications such as Laravel, Magento and his favorite CMS WordPress, including Roots Trellis and Sage, for more than a decade. He helps customers with web design and online marketing. Services provided are web design, ecommerce, SEO and content marketing. When Jasper is not coding, marketing a website, reading about the web or dreaming of the internet of things, he plays with his son, travels or runs a few blocks.