Renew a certbot SSL manually on DigitalOcean droplet with a firewall

This is a VERY watered-down guide for manually renewing the SSL with the following stack:

  • Server hosted on DigitalOcean
  • SSL from certbot has been installed previously and is up for renewal (see DigitalOcean's guide to setting up certbot).
  • Assumes you have a firewall on the droplet

First, SSH into the server using the terminal:

ssh YOURUSER@YOURIPADDRESS

I then gave the server a test run to see if it would work:

sudo certbot renew --dry-run

I kept getting this error, no matter what I changed:

   Timeout during connect (likely firewall problem)

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client. If you're using the webroot plugin, you should also verify
   that you are serving files from the webroot path you provided.

So in DigitalOcean, I went to Networking > Firewalls and clicked the correct one. Then from the tab, "Droplets" I removed the specific droplet I was working on, ran the renew dry-run command above, and it finally succeeded.

Time to actually renew:

sudo certbot renew

Success!

NOTE: This is not a secure way of doing things, and it's not automatic. You have to remember to put your droplet back on the firewall, and since it was removed from the firewall in the first place, you're opening up to vulnerabilities.


By the way if you want to try DigitalOcean, use my referral link to get a $100 credit for 60 days: https://m.do.co/c/5d4981832ae6