if anyone is curious as to what was wrong, i've found and fixed the following issues:
- main nginx route had misconfigured TLS to use the wrong cert path, so even tho certbot was renewing, the new cert wasnt getting used
- media nginx route's TLS cert was configured properly, but was expired bc the cronjob broke
anyway so I've fixed all these and have upgraded to latest masto (v3.5.3), which took about as much effort as I expected (had to upgrade one step at a time to account for migrations)
the server is still very much a pet, in the sense that it's manually groomed and cared for, nothing is version controlled nor managed thru IaC. this pains me greatly
hopefully this time around I'll make it more of a priority to manage it better
@locus I'd be willing to pay a couple bucks a month (cheerful price <=5) for using this instance for the next ~year
After that I'd also be willing to help with administration
@locus I’d be happy to pay a monthly charge. I’d also be happy to donate through a service if you have a link handy. I don’t expect your domain, hosting, and time to be free.
@locus if you offered an encrypted at rest email service to firstname.lastname@example.org using a known, trusted provider, I’d pay for that too.
a Schelling point for those who seek one
I'm still thinking about longer term sustainability, and how that might mean that to justify the time allocation might make sense to make this a paid instance (nothing crazy, with tiers ofc) but I recognize it's pretty hard to convince people to pay for a previously free service