On August 21, my Yunohost server, which I keep in my house, started warning me that port 80 was inaccessible from the Internet. None of my sites use port 80, so everything kept working, but I was concerned because I knew that my Let’s Encrypt certificate would fail to automatically renew if I didn’t fix the problem. Canyouseeme.org confirmed that the port was inaccessible. Today, with this evening’s diagnostic report, my server’s warning was gone and Canyouseeme.org confirms that the port is accessible again. I’m pleasantly surprised, but baffled.
Has anyone else run into a similar problem? I am on a residential FiOS connection.
As an aside, if you use the DNS challenge you don’t even need port 80 open at all for your certificates to be verified.
Yes, I was going to attempt it this week, but hopefully I’m in the clear. With Yunohost the http challenge for renewal is done automatically, but apparently the DNS challenge is a manual process. It wouldn’t be the end of the world, but I just like having nice things.
It’s not an ideal solution, but this guy did the renewal using certbot and just linked the certificate into yunohost for DNS renewal.
Sounds like something the ISP is doing… residential lines tend to have common ports blocked, it may be a good idea to check your terms of service to verify if they permit running servers on the subscribed service.
You may not knowingly or unknowingly exceed the bandwidth usage limitations that we may establish from time to time for the Services, or knowingly or unknowingly use the Services to host any type of server or commercial network or subnetwork.
Lol I guess not then! I would think that many customers violate this rule because many consumer products contain some type of server.
Plenty of multiplayer games need to run a server so you can play with your friends, not always cloud based. Would Verizon require a business class account to host a multiplayer session for Halo on your Xbox?
I feel like this is antiquated language in their TOS. It probably dates back to the introduction of broadband residential services, when the cost of delivering network bandwidth was much higher.
But they keep it there as it gives them a nice, ambiguous set of terms they can either hide behind, or use to beat you over the head for a variety of reasons.
I’m guessing they, for whatever reason, temporarily blocked incoming packets going to common ports on your service. Maybe, at some point, the underpaid, overworked network tech on night shift realised they’d inadvertently turned on/off some inbound rule when troubleshooting another customer’s problem, and changed it back.
But, you can’t complain to them about it because you can’t “hOSt a SeRVeR”. Bloody ISPs.
Some questions come to mind:
- Do you have a static IP address from your ISP?
- Dynamic DNS?
- Have you verified the listening service is a box you own?
- Is there a reverse proxy set up?
- Checked the edge router logs to see if it rebooted recently and reloaded firewall rules?
- What else sits between your router and the listening server?
This could be any number of things, maybe this will help point you in the right direction.