Question

Best way to upgrade/migrate a droplet while minimizing outage?

Posted December 4, 2019 327 views
LAMP StackDigitalOceanLet's Encrypt

I have a droplet running a LAMP stack that is getting a bit out of date (running Ubuntu 16.04). I want to move the whole thing to more recent versions of everything (Ubuntu 18.04, and application software).

I don’t expect this to be near instantaneous, so I intend to add another droplet, install the recent software on it, and script the data import from the older droplet and test. Once everything works, I’ll do a last data import and open the new droplet to the public.

Now, the site has a name so people access it with DNS resolution. If I change the DNS record it will take over 24Hours to percolate to users. DO offers a “floating IP” that could make the switchover a lot faster, but it says “Floating IPs do not support PTR (rDNS) records.” and I don’t know how important that is (for instance for an anti-spam filter when the server sends mail to users).

The site use HTTPS with a certificate delivered by LetsEncrypt. Can I carry over the certificate (after all it will be the same CN and SAN) or do I have to request a new one?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer

Hi @gimpforum,

Your decision seems to be the best one. It’s what I would do in such a situation. Now let’s get onto your questions.

PTR

PTR is pretty important when sending out messages. It confirms your server as a legitimate source. If your contact form on your website or anything else uses your droplet as a mail server, then PTR is crucial for the delivery of mails.

DNS

Now a days, DNS propagation doesn’t take longer than 2-3 hours. We are way past the time it took 24 hours however everyone is still saying it can take UP to 24 hours just to be on the safe side.

As this has been said, there is no need for you to worry that much on the propagation.

SSL Certificate

Well, as you are using a Let’s Encrypt certificate, you can just issue a new on on the new droplet.

You can ofcourse copy it over however I don’t see a reason why would you go through all the trouble. The renewal/issue is free as well.

Regards,
KDSys

Submit an Answer