On August 21, my Yunohost server, which I keep in my house, started warning we that port 80 was inaccessible from the Internet. None of my sites use port 80, so everything kept working, but I was concerned because I knew that my Let’s Encrypt certificate would fail to automatically renew if I didn’t fix the problem. Canyouseeme.org confirmed that the port was inaccessible. Today, with this evening’s diagnostic report, my server’s warning was gone and Canyouseeme.org confirms that the port is accessible again. I’m pleasantly surprised, but baffled.
Has anyone else run into a similar problem? I am on a residential FiOS connection.
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don’t control.
Rules:
Be civil: we’re here to support and learn from one another. Insults won’t be tolerated. Flame wars are frowned upon.
No spam posting.
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it’s not obvious why your post topic revolves around selfhosting, please include details to make it clear.
Don’t duplicate the full text of your blog or github here. Just post the link for folks to click.
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
No trolling.
Resources:
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
Sounds like something ISP is doing… residential lines tends to have common ports blocked, it may be a good idea to check your terms of service to verify if they permit running servers on the subscribed service.
From the TOS:
Lol I guess not then! I would think that many customers violate this rule because many consumer products contain some type of server.
I feel like this is antiquated language in their TOS. It probably dates back to the introduction of broadband residential services, when the cost of delivering network bandwidth was much higher.
But they keep it there as it gives them a nice, ambiguous set of terms they can either hide behind, or use to beat you over the head for a variety of reasons.
I’m guessing they, for whatever reason, temporarily blocked incoming packets going to common ports on your service. Maybe, at some point, the underpaid, overworked network tech on night shift realised they’d inadvertently turned on/off some inbound rule when troubleshooting another customer’s problem, and changed it back.
But, you can’t complain to them about it because you can’t “hOSt a SeRVeR”. Bloody ISPs.
Plenty of multiplayer games need to run a server so you can play with your friends, not always cloud based. Would Verizon require a business class account to host a multiplayer session for Halo on your Xbox?
As an aside, if you use DNS challenge you don’t even need port 80 open at all for your certificates to be verified.
Yes, I was going to attempt it this week, but hopefully I’m in the clear. With Yunohost the http challenge for renewal is done automatically, but apparently the DNS challenge is a manual process. It wouldn’t be the end of the world, but I just like having nice things.
It’s not an ideal solution, but this guy did the renewal using certbot and just linked the certificate into yunohost for DNS renewal.
Some questions come to mind:
Do you have a static IP address from your ISP?
Dynamic DNS?
Have you verified the listening service is a box you own?
Is there a reverse proxy set up?
Checked the edge router logs to see if it rebooted recently and reloaded firewall rules?
What else sits between your router and the listening server?
This could be any number of things, maybe this will help point you in the right direction.