1. Enable TCP:443 access to the server from the internet
  2. Check local IPTABLES fw access for public TCP:443 access too
  3. SSH into the server and run the following command:
    sudo certbot — –force-renewal -d <certname here>

ref: https://certbot.eff.org/docs/