Doing search in replace for all http: to https: through Certbot?

After using Certbot the site goes up fine but some webpages has “connection is insecure”, if these pages load a resource in a hardcoded http: instead https:.

I guess I could use sed in a similar way:

sed -i 's/http:/https:/g' //var/lib/mysql/databases/*

But is there a shorter way through Certbot? Is there, or if there isn’t, will you agree to add a parameter that will do this automatically for the selected domain names (not sure if Certbot has permissions to change MySQL and I guess it shouldn’t have)?

I ask this since when I created the certification per site I choose to create redirections but it seems not to help with these particular causers of “connection is not secured”.

Hi @benqzq,

If you do that you will get a funny and corrupted database. If you need to modify a database you need to logon into that database and use the right SQL sentences to do what you want.

certbot client has several options to launch scripts/commands when issuing/renewing a cert:

--pre-hook PRE_HOOK   Command to be run in a shell before obtaining any
                      certificates. Intended primarily for renewal, where it
                      can be used to temporarily shut down a webserver that
                      might conflict with the standalone plugin. This will
                      only be called if a certificate is actually to be
                      obtained/renewed. When renewing several certificates
                      that have identical pre-hooks, only the first will be
                      executed. (default: None)
--post-hook POST_HOOK
                      Command to be run in a shell after attempting to
                      obtain/renew certificates. Can be used to deploy
                      renewed certificates, or to restart any servers that
                      were stopped by --pre-hook. This is only run if an
                      attempt was made to obtain/renew a certificate. If
                      multiple renewed certificates have identical post-
                      hooks, only one will be run. (default: None)
--deploy-hook DEPLOY_HOOK
                      Command to be run in a shell once for each
                      successfully issued certificate. For this command, the
                      shell variable $RENEWED_LINEAGE will point to the
                      config live subdirectory (for example,
                      "/etc/letsencrypt/live/") containing the
                      new certificates and keys; the shell variable
                      $RENEWED_DOMAINS will contain a space-delimited list
                      of renewed certificate domains (for example,
                      "" (default: None)

So you could create a script to perform the needed changes into your mysql databases and call it using certbot [other options] --post-hook /path/to/your/script or certbot [other options] --deploy-hook /path/to/your/script

But as I said before, you should not use sed command directly or you could corrupt your database, instead you should use something like this mysql - Search & replace 'http' to 'https' in database - Stack Overflow to perform changes directly into your database. Anyway, before changing anything directly into the db, double check that you have a backup of that database, that you know what you are doing and that there isn't other alternative to performing this change using the admin conf for that particular software (wordpress or similar) because maybe this change can be performed directly using its admin panel.

Regarding permissions, certbot run as root but keep in mind that to perform changes into your databases you need to provide a user and password to logon into your db.

Good luck,

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.