Hello Mr. Schaper,
As you have already posted code that solves the issue, I would suggest a Pull Request as the best choice for getting that into the mainline code.
Did you mean to tell me to make a pull request?
Well, I do not have a Pi-hole installation on my server anymore because it did not work. I came here to see if others have similar problems and whether a solution was found for it. As I could not come forward after 21 messages under the title "Cannot update config from web interface | FTL received SIGTERM", I gave up and plan to continue - if and only if - I can save settings from the web interface. Currently, how Pi-hole functioned is not usable to me. Thus, I removed it completely.
Therefore, instead of me making a pull request, I suggest adding the above simple code in an extra file external.conf. It will take two minutes to add it to the default installation and mention a default SSL port in the help files.
If generation of a domain certificate is too complicated, which obviously requires some more coding, then I can understand. But that also should not keep developers from achieving an encrypted transaction on the user's side.
For this, I suggest adding one default pem, signed with any such domain, discourse.pi-hole.net.pem, to the default installation.
Consequently, if discourse.pi-hole.net.pem and external.conf are present in the respective directory, then SSL will work out of the box and all browser calls will be encrypted.
The only problem here would be that a browser will declare that the certificate does not match the domain / subdomain name it is installed on. That's no problem because the connection will still remain encrypted.
The SSL - https architecture will further remain in place even after an update because the external.conf file is not supposed to be overwritten.
If a user wants to change and generate his own certificate for SSL on that domain in question, he could do so later.
Even in a home network, people use wireless. That's where such an SSL connection becomes important too, although not so trivial as in a public network.
Is this solution fine, or do you still want me to make a pull request?