I need it open so I can confirm with CACert.org that I own a subdomain. Marf. Oh well, maybe I'll try with another server I have root access too. Rather inconvenient. ::makes a face::
Wish CACert.org provided alternate ways of verification. Like the Google Domain verification of putting a specific string of text onto the domain.