Documentation page on why port 80 is Good Actually


#1

Hi friends,

I wrote up a documentation page describing briefly why it’s okay (and actually desirable) to keep port 80 open if you can:

Feedback welcome! This is not live yet but will be shortly after it’s reviewed and merged.


#2

I submitted a couple of comments on GitHub. This does feel like a pretty frequently asked question!


#3

Agreed. Maybe “some” ISPs should read it - LOL


#4

I suspect, but can’t confirm, that the practice of ISPs blocking port 80 may actually have more to do with preventing compromise of routers with default admin passwords than anything else. It’s frustrating, but I can at least imagine a legitimate reason for this type of block.


#5

One case that I tried to address briefly in my comment on GitHub is that you can have a benefit against a passive eavesdropper by shutting down port 80 if there are old forms in the wild that submit to an HTTP URL (although at the cost of breaking those forms). I don’t think this is a very large part of many people’s reasoning about closing port 80, but it’s the unusual real example where closing port 80 does improve security in a particular situation.


#6

This is now live. Thanks for the input! https://letsencrypt.org/docs/allow-port-80/