On August 21, my Yunohost server, which I keep in my house, started warning we that port 80 was inaccessible from the Internet. None of my sites use port 80, so everything kept working, but I was concerned because I knew that my Let’s Encrypt certificate would fail to automatically renew if I didn’t fix the problem. Canyouseeme.org confirmed that the port was inaccessible. Today, with this evening’s diagnostic report, my server’s warning was gone and Canyouseeme.org confirms that the port is accessible again. I’m pleasantly surprised, but baffled.

Has anyone else run into a similar problem? I am on a residential FiOS connection.

  • vividspecter@lemm.ee
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    As an aside, if you use DNS challenge you don’t even need port 80 open at all for your certificates to be verified.

    • CrimeDad@lemmy.crimedad.workOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Yes, I was going to attempt it this week, but hopefully I’m in the clear. With Yunohost the http challenge for renewal is done automatically, but apparently the DNS challenge is a manual process. It wouldn’t be the end of the world, but I just like having nice things.

      • SteveTech@programming.dev
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        1 year ago

        It’s not an ideal solution, but this guy did the renewal using certbot and just linked the certificate into yunohost for DNS renewal.

  • lando55@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    Some questions come to mind:

    1. Do you have a static IP address from your ISP?

    2. Dynamic DNS?

    3. Have you verified the listening service is a box you own?

    4. Is there a reverse proxy set up?

    5. Checked the edge router logs to see if it rebooted recently and reloaded firewall rules?

    6. What else sits between your router and the listening server?

    This could be any number of things, maybe this will help point you in the right direction.

  • chiisana@lemmy.chiisana.net
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    Sounds like something ISP is doing… residential lines tends to have common ports blocked, it may be a good idea to check your terms of service to verify if they permit running servers on the subscribed service.

    • CrimeDad@lemmy.crimedad.workOP
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      From the TOS:

      You may not knowingly or unknowingly exceed the bandwidth usage limitations that we may establish from time to time for the Services, or knowingly or unknowingly use the Services to host any type of server or commercial network or subnetwork.

      Lol I guess not then! I would think that many customers violate this rule because many consumer products contain some type of server.

      • stown@sedd.it
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Plenty of multiplayer games need to run a server so you can play with your friends, not always cloud based. Would Verizon require a business class account to host a multiplayer session for Halo on your Xbox?

      • DeltaTangoLima@reddrefuge.com
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        I feel like this is antiquated language in their TOS. It probably dates back to the introduction of broadband residential services, when the cost of delivering network bandwidth was much higher.

        But they keep it there as it gives them a nice, ambiguous set of terms they can either hide behind, or use to beat you over the head for a variety of reasons.

        I’m guessing they, for whatever reason, temporarily blocked incoming packets going to common ports on your service. Maybe, at some point, the underpaid, overworked network tech on night shift realised they’d inadvertently turned on/off some inbound rule when troubleshooting another customer’s problem, and changed it back.

        But, you can’t complain to them about it because you can’t “hOSt a SeRVeR”. Bloody ISPs.