Not sure why but things seem to be failing when using IPv6.
Background:
0. Pihole running on small IntelNUC connected to router
12. Have self signed cert for my desired domain (pihole.ipv6.example.com)
2. Dont know what is the "CA-file" line supposed to be so just dropped it.
Testing 1 - When connecting to internal ipv4 IP - get red padlock in chrome and can read off the details of the certificate fine (ie it was self signed and for domain pihole.v6.example.com). So pihole box is reading/serving certificate ok on ipv4.
Testing 2 - connection via IPv6 address fails with "ERR CONNECTION REFUSED" so connecting to pihole box no longer works on ipv6 (note before changes with empty external.conf, connection via ipv6 was fine)
Testing 3 - When connecting to box via FQDN (which is AAAA to the IPv6 address of box) then get connection refused (ie same result as Testing 2)
Testing 4 - When I poke a hole through router firewall to port-forward [[some random high port]] to 443 on the pihole box (and set up a temporary pihole.v4.example.com with A record pointing to router) then connection works (of course with red padlock and complaint that the SNI is wrong.)
From the testing above - seems like for some reason lighttpd ssl engine doesn't like IPv6? Any thoughts on how to fix?