Is having a different public IP of the VM from when I created the cert and to when I renew the cert okay? Since the current setup, the public IP is not set to static. So everytime I stop/start the VM different IP would be used.
That is not a problem as long as the DNS also points to the new IP. Does it?
And, to renew a cert you just use certbot renew and to test certbot renew --dry-run
The renew command reads all the config files in /etc/letsencrypt/renewal and renews them all using the same settings as when their certs were last successful. A cronjob or systemd timer was probably setup by Certbot to run a renew command regularly so these are done automatically.
Sorry, my mistake. It should have been --debug-challenges with two dashes not one. With just one dash it thought you were adding a second domain name of ebug-challenges. Was hard to read your pasted image but my fault for not testing the sample command.
But, glad you found the error.
Let's Encrypt does not publish a list of IP addresses. See the FAQ item about this and also what they recommend about port 80
Oops. Sorry I did not double check also the script lol. Idk about keeping port 80/443 open most of the time (Maybe I will just do this manually when cert is already up for renewal). However, since i do not have any webserver in this VM maybe it is okay? Spinning up a temp web server is usually just done on the renewal/creating cert right.