To upgrade a Trellis site on a Digital Ocean Droplet so that every URL is served over secure https with SSL, several steps need to be taken. Let me take you through them.
Backup Digital Ocean Droplet
Take a snapshot of the server as a backup via the Digital Ocean Control Panel. This will take 10-20 minutes on a running server. It is probably quicker when the server is shut down, but we often don’t want that to happen.
Database Backup
Back up the database using Sequel Pro or MySQL Workbench, so that we have not just a server backup but a database backup as well. In the case of a multisite that could mean backing up over 250 tables, as in the migration to SSL we use for this blog post.
Update Trellis to Latest
Make sure you upgrade Trellis to the latest version while you are at it. Sometimes your Trellis is too outdated, and then the Let’s Encrypt SSL will work with old background checks and fail to work properly. The post I just linked to goes through all the steps. Basically you need to add the Trellis repo as a new upstream remote, fetch it and then merge it with your own repo. Once that is done you can run:
ansible-playbook server.yml -e env=environment
Make sure you get all green, like:
PLAY RECAP ********************************************************************************************************
xxx.xxx.xxx.xx : ok=95 changed=6 unreachable=0 failed=0
localhost : ok=0 changed=0 unreachable=0 failed=0
Activate SSL and Provision SSL
To activate SSL and have Let’s Encrypt SSL work on your server, edit /Users/jasper/webdesign/uniquehotelspa.com/uniquehotelspa-com/trellis/group_vars/production/wordpress_sites.yml and set the ssl block of your site to:
ssl:
  enabled: true
  provider: letsencrypt
Once that is done and pushed to GitHub you can run:
ansible-playbook server.yml -e env=environment --tags letsencrypt
Database Search and Replace
For the database search and replace, which swaps non-secure http URLs for https SSL URLs, we ssh into the Trellis box and run a search and replace with WordPress CLI. We talked about it for changing a .dev url into a .com url before, but now we will change the protocol to https.
We will start with this test command:
wp search-replace 'http://domain.com' 'https://domain.com' --skip-columns=guid --dry-run
This shows the changes needed to have all links use https. Once you are satisfied with the changes to be made you can drop --dry-run and actually execute the command to make the database changes:
wp search-replace 'http://domain.com' 'https://domain.com' --skip-columns=guid
Once this is done, all non-secure links should now be secure.
Multi Site
If you are using multisite please use:
wp search-replace --network http://domain.com https://domain.com --skip-columns=guid --dry-run
Mixed Content Check
Although all should be well by now, do check for mixed content. There can always be some elements that somehow bypassed the changes made. Mixed content means that you, for example, still have fonts loaded over http. Anything still loaded over http will cause the green lock not to appear in your browser address bar. Use the Chrome inspector to find the issue in question and address it appropriately.
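What the mixed content check looks for, as an added example that is not part of the original post: a small scanner that reports subresources (scripts, images, stylesheets, fonts in CSS) still requested over http, while ignoring ordinary http links. The sample HTML, the host names other than domain.com and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Tag -> attributes that make the browser fetch a subresource. <a href> is
# left out on purpose: an http:// link is navigation, not mixed content.
FETCHING_ATTRS = {
    "script": ("src",), "img": ("src", "srcset"), "iframe": ("src",),
    "audio": ("src",), "video": ("src", "poster"), "embed": ("src",),
    "source": ("src", "srcset"), "object": ("data",),
}
FETCHING_LINK_RELS = {"stylesheet", "icon", "preload"}
HTTP_URL = re.compile(r"http://[^\s\"'()<>,]+", re.IGNORECASE)

# Constructed sample page, not taken from a real site.
SAMPLE_HTML = """<head>
<link rel="stylesheet" href="http://fonts.example.net/css?family=Lato">
<style>@font-face{src:url(http://domain.com/fonts/a.woff)}</style>
<script src="https://domain.com/app.js"></script></head><body>
<a href="http://other.example.org/">plain link, not mixed content</a>
<img src="http://domain.com/uploads/logo.png">
<div style="background:url('http://domain.com/bg.jpg')"></div></body>"""

class MixedContentFinder(HTMLParser):
    """Collects (where, url) for each subresource still requested over http://."""
    def __init__(self):
        super().__init__()
        self.findings, self._in_style = [], False
    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        names = FETCHING_ATTRS.get(tag, ())
        if tag == "link" and FETCHING_LINK_RELS & set(attrs.get("rel", "").lower().split()):
            names = ("href",)
        for name in names:
            self._collect(tag, attrs.get(name, ""))
        self._collect(tag + "[style]", attrs.get("style", ""))  # inline CSS
        self._in_style = tag == "style"
    def handle_endtag(self, tag):
        self._in_style = False
    def handle_data(self, data):
        if self._in_style:  # url() inside a <style> block, e.g. @font-face
            self._collect("style", data)
    def _collect(self, where, text):
        self.findings += [(where, url) for url in HTTP_URL.findall(text)]

def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings
```

Save a page's source from the browser and pass the text to find_mixed_content; each result names the tag and the http URL to fix in the theme, plugin or database.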