Congrats on the progress!
The cert shows up fine for me at https://cg-originals.com/ but not for the www version because www is not included in the cert, e.g., see
openssl s_client -connect cg-originals.com:443 2>&1 | openssl x509 -text | grep DNS
The problem is that once the cert is created, Trellis won’t adjust the domains it covers, at least not until roots/trellis#630 is merged. So, you’ll need to do the following:
[You] could just back up your data/files, rebuild the server, clear relevant entries from known_hosts, and reprovision…
If you prefer not to rebuild, you could try these steps:
1. SSH into Trellis server and delete the CSRs in /var/lib/letsencrypt/csrs
2. SSH into Trellis server and delete the certs in /etc/nginx/ssl/letsencrypt
3. [don’t worry about this one]
4. Set ssl enabled: false in group_vars/<environment>/wordpress_sites.yml
5. Run ansible-playbook server.yml -e env=<environment> --tags wordpress
6. Set ssl enabled: true in group_vars/<environment>/wordpress_sites.yml
7. Run ansible-playbook server.yml -e env=<environment> --tags letsencrypt
If the page doesn’t load in your browser, double-check on a different browser or machine, maybe clear browser cache for related domains, and maybe clear HSTS headers for related domains.
If you want to help test roots/trellis#630, it’d be great. Once it is merged, none of this would be necessary.
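The openssl and grep check from the post, extended into a script that reports which hostnames a certificate's SAN list fails to cover, useful for confirming that www is included after the letsencrypt tag has been re-run. This is an added example, not part of the original post or of Trellis; the function names, the script name check_san.sh and the sample certificate text are constructed for illustration.

```shell
#!/bin/sh
# Added example: list hostnames a certificate's SAN entries do not cover.
# Function names are hypothetical; they are not part of Trellis or OpenSSL.

# Constructed excerpts of `openssl x509 -noout -text` output (not real captures).
SAMPLE_BEFORE='            X509v3 Subject Alternative Name:
                DNS:cg-originals.com'
SAMPLE_AFTER='            X509v3 Subject Alternative Name:
                DNS:cg-originals.com, DNS:www.cg-originals.com'

# Read x509 text on stdin; print one lowercased DNS SAN per line.
san_names() {
    tr ', ' '\n\n' | sed -n 's/^DNS://p' | tr 'A-Z' 'a-z'
}

# covers SAN HOST: exact match, or wildcard SAN matching one leftmost label.
covers() {
    case "$1" in
        "$2") return 0 ;;
        '*.'*) suffix=${1#'*.'}; rest=${2#*.}
               [ "$rest" != "$2" ] && [ "$rest" = "$suffix" ] ;;
        *) return 1 ;;
    esac
}

# missing_names HOST...: x509 text on stdin; print each HOST that no SAN covers.
# Returns 1 when at least one host is uncovered.
missing_names() {
    sans=$(san_names)
    status=0
    for host in "$@"; do
        found=0
        while IFS= read -r san; do
            if covers "$san" "$host"; then found=1; break; fi
        done <<EOF
$sans
EOF
        [ "$found" -eq 1 ] || { echo "$host"; status=1; }
    done
    return "$status"
}

# Live use: sh check_san.sh cg-originals.com www.cg-originals.com
if [ "$#" -gt 0 ]; then
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -text | missing_names "$@"
fi
```

An empty output with exit status 0 means every listed hostname is covered; any printed name still needs to be added to the certificate.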