1. No, you need to upgrade all horizon servers in a single maintenance window. See e.g. https://docs.vmware.com/en/VMware-Horizon-7/7.13/horizon-upgrades/GUID-CE9531F4-6E70-494B-BE42-EF466...
2. See answer above, also note that upgrading a Connection server may drop VMs, especially if it's configured for tunneling connections.
3. Reverting to snapshot - or earlier backups - always has some kind of drawback. Although it's a option in case things go south during the upgrade, you may need to deal with things like the servers' domain membership, Horizon inventory inconsistencies, ... but such issues are usually resolvable.
4. To be honest, I don't understand that requirement either. I've never had any certificate issues with Horizon Upgrades.

André

1.  Everything I have read says to plan a maintenance window as service will be out. I have read that the composer server can be updated in as little as 30 minutes. However, I can't confirm that you can update your 7.12 to 7.13 during one window on one day/weekend and then go back in to production for a period of time, opening another maintenance window to do the connection servers.  Can you separate these in to 2 different events on 2 different days?

When you have different versions of connection servers weird things can happen, 7.12 to 7.13 may seem like small jump, but they backported changes in 8 which are pretty substantial. I'd do the all in one window.

1. During my research I am lead to believe that you can bring everything back online after the composer server is upgraded then do the 2 connection servers one at a time to limit downtime. This sort of ties directly to question 1, is this possible? Can you ring the connection servers offline one at a time so this part doesn't require downtime?

So you don't need to do them all at once, look at the guide @a_p_  shared, you disable one do the upgrade , enable it and then enable the other one. If you have a loadbalancer in front of the connection servers you shouldn't run into any issues.

1. The planning and prep I have been reading about says you should snapshot the 3 horizon servers (for me,2 connection + 1 composer) and backup the event database running on your database server. This leads me to believe that, in the event of an error that is unresolvable, you could fallback. If that occurs though, what are the steps? My gut says, restore the database, revert all snapshots and fire it up, is it that simple? Has anyone had any experience with this?

restoring the database and connections servers snapshot shots whould work. Make sure you also have an ldif backup from the connection servers

https://docs.vmware.com/en/VMware-Horizon-7/7.13/horizon-administration/GUID-EFA249B5-1D21-4B8C-BF6A...

if the worst happens and you need to reinstall, the ldif file has all the configuration files in it, this should be automated from inside the connection server

1. All the guides and documentation I have read say you need to back up the production certificate for Horizon. Why is this? Does it get removed from the server when you upgrade? 

When you upgrade the default vdm certificate may be reenabled, normally you would just rename yours to the friendly name of vmd, and name the default one to something else. Really you shouldn't even rely 100% on the snapshots you should have the ldap ldif backup, the ssl cert, and the locked.properties file if you have it configured. That way you have all that is necessary to create the connection servers from scratch without reconfiguring them.

So what is a realistic outage window? 1 hour? 3 hours?