I pushed a website live last week (trellis/bedrock/sage) on DO.
the website is live, with SSL correctly active.
I set up some redirect rules with safe-redirect-manager plugin, I used this because it was on the trellis fav plugin, all good with this, everything is working as expected.
I read the docs, and from my understanding the only thing that I need to do, it is to list all the domains under redirects in /production/wordpress_sites.yml like this.
is it correct?
One thing: When you have specified IPv6 records (AAAA) Let’s Encrypt will use these first for the challenge. So either have correct AAAA records or none at all.
Thanks @strarsis, I was not aware of the AAAA record, I had to google it.
so basically I have to check if there is an AAAA record in place, if yes, I will need to point this to the same IP as the main record A, is this right?
Yes. When you have changed existing DNS records you may also want to check their DNS propagation and wait some minutes before re-applying the playbook (and performing the Let’s Encrypt validation). Temporarily changing the TTL may also be a good idea to speed up propagation.
Deactivation of SSL (of the old site/currently self-signed cert) shouldn’t be necessary.
There are the letsencrypt tag, maybe it already suffices for setting up Let’s Encrypt?
When in doubt, just run the whole playbook, it may take longer, but it may also reduce surprises.