Thanks for the comments so far;
@TotallyInformation Yes, I have dynamic DNS set up, which provides me with a domain name. The MQTT broker is accessible from the outside world, it's just that I cannot secure it with TLS (so passwords and data are being sent in plain text, so I can't continue to use it like that). I am allowing 8883 inbound. My understanding of "snaps" is limited to what I have encountered today only, but as far as I can make out they aren't a form of container, they are just packages which quickly install the software. I think I might take your idea though and try to install a new server from scratch and install mosquitto in the normal way. I understand I don't need to use TLS locally; the problem is that when I set the certificate locations, both listeners (1883 and 8883) seem to stop responding on the local network. If I remove the certificate lines from the config file they both work again.
@Colin I did read this somewhere but I must now go back and double-check I did this! Thanks
@Andrei Yes, the webhookrelay is very good, and it makes light work of the problem, but unfortunately it's limited to 150 messages per month, and my iPhone sent 150 overnight. I woke up to the message that my webhookrelay account had reached its limit.