Question

Best way to upgrade/migrate a droplet while minimizing outage?

I have a droplet running a LAMP stack that is getting a bit out of date (running Ubuntu 16.04). I want to move the whole thing to more recent versions of everything (Ubuntu 18.04, and application software).

I don’t expect this to be near instantaneous, so I intend to add another droplet, install the recent software on it, and script the data import from the older droplet and test. Once everything works, I’ll do a last data import and open the new droplet to the public.

Now, the site has a name so people access it with DNS resolution. If I change the DNS record it will take over 24Hours to percolate to users. DO offers a “floating IP” that could make the switchover a lot faster, but it says “Floating IPs do not support PTR (rDNS) records.” and I don’t know how important that is (for instance for an anti-spam filter when the server sends mail to users).

The site use HTTPS with a certificate delivered by LetsEncrypt. Can I carry over the certificate (after all it will be the same CN and SAN) or do I have to request a new one?


Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

KFSys
Site Moderator
Site Moderator badge
December 8, 2019
Accepted Answer

Hi @gimpforum,

Your decision seems to be the best one. It’s what I would do in such a situation. Now let’s get onto your questions.

PTR

PTR is pretty important when sending out messages. It confirms your server as a legitimate source. If your contact form on your website or anything else uses your droplet as a mail server, then PTR is crucial for the delivery of mails.

DNS

Now a days, DNS propagation doesn’t take longer than 2-3 hours. We are way past the time it took 24 hours however everyone is still saying it can take UP to 24 hours just to be on the safe side.

As this has been said, there is no need for you to worry that much on the propagation.

SSL Certificate

Well, as you are using a Let’s Encrypt certificate, you can just issue a new on on the new droplet.

You can ofcourse copy it over however I don’t see a reason why would you go through all the trouble. The renewal/issue is free as well.

Regards, KDSys

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Featured on Community

Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

Become a contributor

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

Learn more