I’ve got a workflow question and feel like I might be missing something.
I created a new Digital Ocean (DO2) droplet to serve a site that is currently running on an existing Digital Ocean droplet (DO1).
The site uses Let’s Encrypt and the DNS zone file was pointing to DO1.
In my local trellis folder, I updated the `hosts/production` file with the new IP address, but when I attempted to provision this new server with my existing trellis setup, it failed on the Let’s Encrypt role. This makes sense to me since the DNS wouldn’t resolve to the new droplet, and so Let’s Encrypt has no way of reaching DO2.
What I did was temporarily change `ssl: enabled` from `true` to `false` in `group_vars/production/wordpress_sites.yml` and attempted to re-provision the server.
This finished provisioning DO2 and I was able to deploy the code, move and import the DB.
I updated my local hosts file to point to DO2 so that I could test the site on the new server in a browser. It didn’t work initially, so I:
- Logged into DO2 as root
- Removed the nginx site config at `/etc/nginx/sites-enabled/letsencrypt-example.com.conf`
- Restarted nginx: `systemctl restart nginx`.
The site came up and, confident that everything was working except for SSL, I decided to:
- Update `ssl: enabled: true` in `group_vars/production/wordpress_sites.yml`
- Update the DNS to point to DO2.
- Re-provision DO2 using `ansible-playbook server.yml -e env=production`
Everything looks good with the site running on the new server; it’s just that the site was offline for about 10 mins while the DNS propagated and I re-provisioned DO2 to generate the Let’s Encrypt certificate.
I’m not doing this type of thing too often (only this one time in the last year of Roots usage) and this isn’t a high traffic site, so there wasn’t much of an issue having the site offline for 10 mins. Ideally I would like zero downtime when I need to do this with another higher traffic site.
Has anyone else run into this kind of problem, or am I missing something in my workflow?
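A preflight check for the failure described in this post, written as an added example (it is not part of Trellis or of the original post): it reads the target IP from `hosts/production` and confirms each site host already resolves to it before you re-provision with `ssl: enabled: true`, so the Let’s Encrypt role is not run against DNS that still points at the old droplet. The inventory layout, the `getent` resolver and the hostnames are assumptions.

```shell
#!/usr/bin/env bash
# Preflight check before re-provisioning a Trellis site with ssl enabled:
# every site host must already resolve to the new droplet, otherwise the
# Let's Encrypt role will fail (ACME cannot reach the new server).

# Resolve the first IPv4 A record for a host via the system resolver.
# Assumption: getent is available (no dig needed).
resolve_ipv4() {
  getent ahostsv4 "$1" 2>/dev/null | awk '{ print $1; exit }'
}

# Pure comparison, kept separate from resolution so it can be tested offline.
# Prints one status line; returns 0 only when the host points at the target.
dns_points_at() {
  local host="$1" expected="$2" actual="$3"
  if [ -z "$actual" ]; then
    printf 'MISSING  %s (no A record)\n' "$host"; return 1
  elif [ "$actual" = "$expected" ]; then
    printf 'OK       %s -> %s\n' "$host" "$actual"; return 0
  else
    printf 'MISMATCH %s -> %s (want %s)\n' "$host" "$actual" "$expected"; return 1
  fi
}

# Read the target IP from a Trellis inventory file: the first non-blank,
# non-comment line under [production]. Assumed layout; adjust if yours differs.
inventory_ip() {
  awk '/^\[production\]/ { f = 1; next }
       /^\[/            { f = 0 }
       f && NF && $1 !~ /^#/ { print $1; exit }' "$1"
}

# Check every host given; exit non-zero if any does not point at the target,
# which is the signal to keep ssl disabled (or wait for DNS) before provisioning.
preflight() {
  local expected="$1" rc=0 h
  shift
  for h in "$@"; do
    dns_points_at "$h" "$expected" "$(resolve_ipv4 "$h")" || rc=1
  done
  return "$rc"
}

# Usage (hostnames are placeholders):
#   preflight "$(inventory_ip hosts/production)" example.com www.example.com \
#     && ansible-playbook server.yml -e env=production
```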