Question: Moving production server to new IP address with LetsEncrypt and minimum downtime #1036

Open
wildhart opened this issue Nov 26, 2018 · 0 comments

wildhart commented Nov 26, 2018

I'm migrating from AWS to DigitalOcean, which means a change in floating IP. My main question is about DNS propagation and how that might affect the generation of the LetsEncrypt SSL cert on the new server if the old server's IP is still in a DNS cache somewhere?

My app is small and not critical so doesn't yet require multiple servers or remote db (I do my own db backup every 3 hrs). I can do the move at a quiet time for the app so the user interaction or database migration isn't a problem.

Well in advance of the move I was going to reduce the TTL of my DNS to 60 seconds, but how well is that obeyed in general?

My plan is as follows:

  1. Spin up a new staging server, point my staging sub-domain to it and mup setup then mup deploy using my staging config.
  2. Test staging server. (I've already done this, works well).
  3. Dump production database.
  4. Deploy 'maintenance mode' page to production server, which automatically refreshes page every minute so it will be replaced with the new site once the client's DNS has updated.
  5. Switch my production DNS record to the staging IP address. Wait 60 seconds?
  6. Flush my local DNS cache. Test domain name resolution. Test ssh into new server.
  7. Deploy to new server using production config. <- At this point Let's Encrypt will try to confirm ownership of my production domain by installing a temp file on the server, but then the Let's Encrypt server might have old DNS and look at the old server for the file. Will this be a problem?
  8. Restore database to new server.

Will that work? Does anyone have a better migration strategy?

I use Cordova and have active users of Android and iOS apps. I presume that they will have some downtime but should start working once their DNS is updated, correct?

Thanks for your suggestions!

PS, I'm already a monthly supporter, and I would encourage others to do so: https://opencollective.com/meteor-up/donate
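
A pre-flight check for steps 5 to 7 of the plan above, added here as an example (it is not part of the original issue or of Meteor Up): before deploying with the production config, it confirms that the zone's authoritative nameservers and two public resolvers all return the new IP. It assumes `dig` is installed; the function names and the choice of resolvers (1.1.1.1, 8.8.8.8) are illustrative.

```shell
#!/bin/sh
# Added example: DNS pre-flight check to run between steps 6 and 7.
# Assumes `dig` is installed. Function names are hypothetical.
# Usage: sh preflight.sh DOMAIN NEW_IP [ZONE]   (ZONE defaults to DOMAIN)

# collect_answers DOMAIN ZONE
# Prints one "server ip" line per A record returned by each authoritative
# nameserver of ZONE and by two public resolvers (chosen for illustration).
# A server that returns no A record yields a line with the server only.
collect_answers() {
  ca_domain=$1
  ca_zone=$2
  for ca_server in $(dig +short NS "$ca_zone") 1.1.1.1 8.8.8.8; do
    ca_ips=$(dig +short +time=3 +tries=1 A "$ca_domain" "@${ca_server%.}" |
      grep -E '^[0-9]+(\.[0-9]+){3}$' || true)
    if [ -z "$ca_ips" ]; then
      printf '%s\n' "$ca_server"
    else
      for ca_ip in $ca_ips; do printf '%s %s\n' "$ca_server" "$ca_ip"; done
    fi
  done
}

# stale_answers NEW_IP
# Reads "server ip" lines on stdin and prints those that do not match NEW_IP.
stale_answers() {
  sa_new_ip=$1
  while read -r sa_server sa_ip; do
    [ -z "$sa_server" ] && continue
    [ "$sa_ip" = "$sa_new_ip" ] || printf '%s %s\n' "$sa_server" "${sa_ip:-<no answer>}"
  done
}

main() {
  m_stale=$(collect_answers "$1" "${3:-$1}" | stale_answers "$2")
  if [ -n "$m_stale" ]; then
    echo "Not ready: these answers differ from $2"
    echo "$m_stale"
    return 1
  fi
  echo "Every queried server returns $2 for $1"
}

if [ "$#" -ge 2 ]; then main "$@"; fi
```

A non-zero exit means at least one queried server still returns the old address or no address at all, so the deploy in step 7 should wait.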
