The problem is that it's easy to access the admin interface from a non-encrypted HTTP connection by mistake. Sometimes you have to try and help protect users from themselves. If we can figure out how to automatically redirect attempts to access the admin interface via http to https.

Unless you have manually altered your template files you can skip step 3 (which is 3 quarters of the instructions). Even then, even though it looks involved; if you use an advanced text editor such as Notepad++ or BlueFish it's a simple (although perhaps time consuming) job of find-replace the code.

Before I go any further, I'd like to suggest that it may be best to start a new thread, as this line of query is not quite relevant to the thread here (other than we are talking about TomatoCart) and the thread is very old.

The first thing I would do is do a full backup of your site. Actually probably what i would do would be take a TKLBAM backup and restore to a clean instance (I'd be inclined to use a fresh local VM to test the upgrade). That way you are not working on your 'real' site so if something goes wrong you haven't lost anything. This has the bonus of ensuring that your backup works ok OOTB.

If the backup restores flawlessly all well and good, otherwise you could do a manual backup by copying all the files from /var/www/tomatocart (or something similar) and a DB dump. To ensure that none of your files accidentally get overwritten I would also simply copy this whole folder on your server.

service apache2 stop
cp /var/www/tomatocart /var/www/backup # or whatever the tomatocart folder is called
service apache2 start

Step 1 can be achieved using phpMyAdmin (which can be found on port 12322) or from the MySQL commandline (I would suggest an SSH client so you can copy paste - rather than type it all manually). Or you cold put it all in a .sql file and upload it to your server (again either via phpMyAdmin or upload and execute via commandline).

Step 2 can be acheived using SFTP to update (and overwrite the files). Then just copy your your includes/configure.php, ext/piwik/config/config.ini.php and the templates/glass_gray apparently (according to step 2 on the post you linked to).

I don't use TomatoCart so I probably won't be a lot of really practical TC specific help but may be some assitance if you get stuck. As suggested above, ideally it would be best to start a new forum thread for this work you can put in a link back here if you want). Ideally it would be good to script the solution, then others could follow your lead. Even better would be a TKLPatch that others could apply. But even if you can just report back on how successful it went.

Your suggestion/perspective on the updating of the appliance image etc are somewhat covered with a recent blog post by the core devs (a response to another community member's forum post). And even though you may be using a "paid TurnkeyCloud instance" keep in mind that most of that money doesn't go to TKL, and the bit that does (only applies if you are using TKL on AWS), pays for the costs associated with running this site and creating the images and custom code etc used by TKL. There are only 2 core devs running TKL and they certainly aren't making a killing out of TKL... This is a small free (as in freedom, as well as in beer if you run it locally on your own hardware or virtual infrastructure) open source project.

[update] I had a quick look on the TomatoCart forums and found what may perhaps be some useful info. This looks like an updater script, although it is almost 2 years old so I'm not sure whether it still applies? Also there is a thread concerning an upgrade from v1.1.5 to v1.1.8.x that may be relevant to you (I haven't read through these threads, just found them). If you get stuck you may be able to get some help by posting (a new thread) over there.