How to Rebuild Droplets

The rebuild functionality of Droplets wipes the Droplet’s disk and replaces it with an image you select. This is useful if you’re concerned that your Droplet has been compromised, you’ve lost access to it, you’d like to switch operating systems, or in any situation where you’d like to completely replace the contents of a Droplet.

Rebuilding a Droplet, like destroying a Droplet, is an irreversible process. If you have no backups, snapshots, or local copies of the data on your Droplet and you rebuild it, that data is completely irretrievable by DigitalOcean.

Why Rebuild?

It may seem simpler to destroy the current Droplet and just create a new one, and that may very well be the best option for you. Rebuilding is a better choice in one of two scenarios:

  1. You want to keep your IP address. When you destroy a Droplet, its IP address is released back into the datacenter’s pool of available IPs. These are assigned randomly, so it’s very unlikely you’ll get that IP address back. When you rebuild a Droplet, on the other hand, the IP address is retained.

  2. You want to save some money. DigitalOcean charges by the hour and only charges for the first 672 hours (28 days) in each month. That means if your Droplet has existed all month, you get up to 3 days at the end of the month free. If you destroy your Droplet and create a new one, that timer restarts. If you rebuild it, that timer continues to count up toward the free time at the end of the month.

Steps to Rebuild

From the DigitalOcean Control Panel on the Droplets page, click the name of the Droplet you want to rebuild, then choose Rebuild from its Droplet-specific menu.

Droplet Destroy & Rebuild Tab

Next, click the Select an Image text box and search for the image you’d like to use to rebuild. You can use any image in your account, including:

  • Backups
  • Snapshots
  • Custom images
  • One-click images
  • Base distributions provided by DigitalOcean

Image Selection Dropdown

Once you’ve selected the image you’d like to use, the Rebuild button will turn blue, indicating you can now click it to begin rebuilding the Droplet.

The rebuild should take roughly the same amount of time as creating a new Droplet from that image. When it’s complete, you’ll have a clean Droplet with the new image.

Logging in with SSH

Now that the Droplet has been rebuilt, it has a new fingerprint, also known a Remote Host Identification Key. If you connected to the Droplet prior to the rebuild, when you try to connect after the rebuild you may see this error:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:RqX4d+VC6sBaOSMEo8JgyjpvmoQTQY4E6EYe7vCQV5c.
Please contact your system administrator.
Add correct host key in /root/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /root/.ssh/known_hosts:3
  remove with:
  ssh-keygen -f "/root/.ssh/known_hosts" -R 203.0.113.47
ECDSA host key for 203.0.113.47 has changed and you have requested strict checking.
Host key verification failed.

That’s because your local SSH client stores a fingerprint when you connect to a new server. That fingerprint is unique, and changes if the server is wiped, as is the case in a rebuild.

To resolve this error, you can run the command suggested in the error message:

ssh-keygen -f "/root/.ssh/known_hosts" -R use_your_droplet_ip

Afterward, you should be able to connect to the Droplet via SSH as normal.