Well that blew up…
So, I found out that my wildcard SSL certificates weren’t being renewed, which in turn was because certbot needed to be able to edit DNS records in order to do so. In investigating that I found that I couldn’t install the latest version of certbot and its Linode plugin, which led me to discover that my server was actually running the i386 ubuntu core with amd64 grafted onto it, instead of being actual amd64, which was in turn because this server had been provisioned years ago and i386 was the supported configuration.
So I went through the exercise of trying to switch over to amd64, found that the best path forward was to back up all my data (which was already done since I keep incremental backups every night) and just reimage. Which seemed like a pain. But the alternative for a more graceful transition was to set up a new VPS, migrate stuff across, and then decommission the old VPS, which would have also been a pain.
So anyway I decided that since my server was still basically running 32-bit and would be stuck there forever if I didn’t rip off the band-aid, I’d rip off the band-aid.
While I was at it, I’d been meaning to switch to nginx for years, and this was a good enough excuse as any.