After using Certbot the site goes up fine but some webpages has “connection is insecure”, if these pages load a resource in a hardcoded http: instead https:.
I guess I could use sed in a similar way:
sed -i 's/http:/https:/g' //var/lib/mysql/databases/*
But is there a shorter way through Certbot? Is there, or if there isn’t, will you agree to add a parameter that will do this automatically for the selected domain names (not sure if Certbot has permissions to change MySQL and I guess it shouldn’t have)?
I ask this since when I created the certification per site I choose to create redirections but it seems not to help with these particular causers of “connection is not secured”.
If you do that you will get a funny and corrupted database. If you need to modify a database you need to logon into that database and use the right SQL sentences to do what you want.
certbot client has several options to launch scripts/commands when issuing/renewing a cert:
--pre-hook PRE_HOOK Command to be run in a shell before obtaining any
certificates. Intended primarily for renewal, where it
can be used to temporarily shut down a webserver that
might conflict with the standalone plugin. This will
only be called if a certificate is actually to be
obtained/renewed. When renewing several certificates
that have identical pre-hooks, only the first will be
executed. (default: None)
--post-hook POST_HOOK
Command to be run in a shell after attempting to
obtain/renew certificates. Can be used to deploy
renewed certificates, or to restart any servers that
were stopped by --pre-hook. This is only run if an
attempt was made to obtain/renew a certificate. If
multiple renewed certificates have identical post-
hooks, only one will be run. (default: None)
--deploy-hook DEPLOY_HOOK
Command to be run in a shell once for each
successfully issued certificate. For this command, the
shell variable $RENEWED_LINEAGE will point to the
config live subdirectory (for example,
"/etc/letsencrypt/live/example.com") containing the
new certificates and keys; the shell variable
$RENEWED_DOMAINS will contain a space-delimited list
of renewed certificate domains (for example,
"example.com www.example.com" (default: None)
So you could create a script to perform the needed changes into your mysql databases and call it using certbot [other options] --post-hook /path/to/your/script or certbot [other options] --deploy-hook /path/to/your/script
But as I said before, you should not use sed command directly or you could corrupt your database, instead you should use something like this mysql - Search & replace 'http' to 'https' in database - Stack Overflow to perform changes directly into your database. Anyway, before changing anything directly into the db, double check that you have a backup of that database, that you know what you are doing and that there isn't other alternative to performing this change using the admin conf for that particular software (wordpress or similar) because maybe this change can be performed directly using its admin panel.
Regarding permissions, certbot run as root but keep in mind that to perform changes into your databases you need to provide a user and password to logon into your db.