How to fix Unable to resolve mirrors error on DigitalOcean Droplets

You've set up a Droplet in DigitalOcean and locked things down to restrict access to it via the firewall. Great. You can access the server and make local changes fine, but you try to update or install something, only to be presented with terminal output similar to:

Failed to fetch security.ubuntu.com?

Panic sets in. You can't configure your new server when it can't find the packages you need to install. What do you do?

You might be tempted to trash the Droplet and start again (go ahead - you'll likely get the same result - I'll wait...), but that's futile. The issue is more than likely with the firewall rules. There's a good chance they are similar to:

DigitalOcean firewall rules. Keep things locked down.

It makes sense. The update and package mirrors are HTTP or HTTPS locations, so why won't it connect?

The reason is simple once it's explained - the server can't communicate with DNS servers. You've locked the Droplet down on the firewall to the point that it can't send outbound DNS requests. Add firewall rules for outbound connections on TCP and UDP ports 53, then the updates should work.

Added TCP and UDP ports for outbound rules