So, I found out that my wildcard SSL certificates weren’t being renewed, which in turn was because certbot needed to be able to edit DNS records in order to do so. In investigating that I found that I couldn’t install the latest version of certbot and its Linode plugin, which led me to discover that my server was actually running the i386 Ubuntu core with amd64 grafted onto it, instead of being actual amd64, which was in turn because this server had been provisioned years ago and i386 was the supported configuration.
So I went through the exercise of trying to switch over to amd64, found that the best path forward was to back up all my data (which was already done since I keep incremental backups every night) and just reimage. Which seemed like a pain. But the alternative for a more graceful transition was to set up a new VPS, migrate stuff across, and then decommission the old VPS, which would have also been a pain.
So anyway I decided that since my server was still basically running 32-bit and would be stuck there forever if I didn’t rip off the band-aid, I’d rip off the band-aid.
While I was at it, I’d been meaning to switch to nginx for years, and this was as good an excuse as any.
Getting all the fiddly details of my email setup back in place was the hard part, and it turns out I didn’t actually have all the stuff backed up that I thought I did, so I’m going to have to redo some of my infrastructure stuff, but that’s not a huge deal.
I was also hosting some sites for various friends and family, and I didn’t have a backup of those. Hopefully nothing irreplaceable was lost.
The really annoying thing is getting Nextcloud working again; it turns out my Nextcloud installation was stuck on an ancient version, and restoring that from backup doesn’t work because I’m on PHP 7.4 now (and it only works up to PHP 7.3), but the updater refuses to migrate things to the latest version. But it isn’t the end of the world to just like… do a fresh install and reupload my stuff to the server or whatever. So that’s what I’m going to do.
The punchline to all this is that even with all that stuff, I’m still going to have to do a bunch more annoying things to get my wildcard SSL certs updating, and I might just switch back to per-host certs after all. 🙄
At least nginx is easier to maintain and configure and gives me a bunch more neat features.
UPDATE: I have got my wildcard certs working after all.