if anyone is curious as to what was wrong, i've found and fixed the following issues:
- main nginx route had misconfigured TLS to use the wrong cert path, so even tho certbot was renewing, the new cert wasn't getting used
- media nginx route's TLS cert was configured properly, but was expired bc the cronjob broke
anyway so I've fixed all these and have upgraded to latest masto (v3.5.3), which took about as much effort as I expected (had to upgrade one step at a time to account for migrations)
the server is still very much a pet, in the sense that it's manually groomed and cared for, nothing is version controlled nor managed thru IaC. this pains me greatly
hopefully this time around I'll make it more of a priority to manage it better
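The first issue in the list above (nginx serving a cert from a path that certbot was not renewing) can be caught by auditing the config. This is an added example, not part of the original posts: it assumes certbot's default `/etc/letsencrypt/live/` layout, and the sample config, hostnames and function names are constructed.

```python
import re

# Assumption: certbot's default layout, where each renewal refreshes
# /etc/letsencrypt/live/<lineage>/fullchain.pem.
LIVE_DIR = "/etc/letsencrypt/live/"

def server_blocks(conf):
    """Yield the body of every `server { ... }` block (simple brace matching)."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def audit(conf):
    """Return (server_name, cert_path, renewed_by_certbot) per TLS server block."""
    conf = re.sub(r"#[^\n]*", "", conf)  # strip comments before parsing
    results = []
    for body in server_blocks(conf):
        cert = re.search(r"\bssl_certificate\s+([^;\s]+)\s*;", body)
        if not cert:
            continue  # no certificate directive in this block, nothing to check
        name = re.search(r"\bserver_name\s+([^;]+);", body)
        host = name.group(1).split()[0] if name else "(default)"
        path = cert.group(1)
        results.append((host, path, path.startswith(LIVE_DIR)))
    return results

# Constructed sample config (hostnames and paths are made up).
SAMPLE = """
server {
    listen 443 ssl;
    server_name social.example;
    ssl_certificate     /etc/nginx/certs/social.example.pem;  # stale copy
    ssl_certificate_key /etc/nginx/certs/social.example.key;
    location / { proxy_pass http://127.0.0.1:3000; }
}
server {
    listen 443 ssl;
    server_name media.social.example;
    ssl_certificate     /etc/letsencrypt/live/media.social.example/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/media.social.example/privkey.pem;
}
"""

if __name__ == "__main__":
    for host, path, ok in audit(SAMPLE):
        print(f"{'ok  ' if ok else 'WARN'} {host}: {path}")
```

This only checks where the config points; a correctly configured but expired cert, like the media route's, needs a separate expiry check such as `openssl x509 -checkend`.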
@locus I'd be willing to pay a couple bucks a month (cheerful price <=5) for using this instance for the next ~year
After that I'd also be willing to help with administration
@locus I’d be happy to pay a monthly charge. I’d also be happy to donate through a service if you have a link handy. I don’t expect your domain, hosting, and time to be free.
@locus if you offered an encrypted at rest email service to firstname.lastname@example.org using a known, trusted provider, I’d pay for that too.
- the server was self-DDoSing bc the streaming API component was bootlooping as the node binary somehow became owned by root and hence inaccessible to the service user, so requests would fall back to the much less efficient REST API
- the version of masto i was on has a known issue where it is currently impossible to install with ANY version of node, bc some very specific dep with a binary module depends on a specific version of something which is no longer available online