The block page is the 404 page, so you will only get it when visiting a page which does not exist.
Like many others, I use my own certificate from my own Windows CA....
I tried this but I can only connect to the Pi-Hole thru HTTPS using the IP; I cannot access it using the hostname or the FQDN.
When I try, Chrome gives me:
ERR_SSL_UNRECOGNIZED_NAME_ALERT
The certificate is correct and I am accessing the correct hostname and FQDN
How do I fix this?
The hostname/FQDN needs to be presented in the pem cert as a Subject CN (Common name) or as a SAN (Subject alternative name):
pi@noads:~ $ openssl x509 -in pi.hole.pem -noout -text
[..]
Issuer: C = US, ST = MN, L = Minneapolis, OU = Domain Control Validated, CN = some.cert.signer.ca
[..]
Subject: C = US, ST = MN, L = Minneapolis, OU = Domain Control Validated, CN = noads.dehakkelaar.nl
[..]
X509v3 Subject Alternative Name:
DNS:pi.hole
[..]
C=US ST=WY L=Sheridan
I just blindly entered through those settings using openssl defaults.
They dont matter anyway 
Been staring at this for bout half an hour trying to find cryptic hidden message 
No offense but this isnt the first or the last certificate Ive made.
I just checked it anyways and it is correct: Its in the CN and the SAN.
Also like I mentioned, If I go to the IP, it works correctly.
And you get the right cert presented ? (substitute <IP_ADDRESS_OR_DOMAIN_HERE>)
echo | openssl s_client -connect <IP_ADDRESS_OR_DOMAIN_HERE>:443 2>/dev/null | openssl x509 -text -noout
If I use = for wildcard, I get thus far:
WhY danSC===er U STLSi
For the CSR. Country is US, State is WY, Locality is Sheridan
Yeah but whats the cryptic part ?
I don't understand what you mean?
That makes two 
I dont understand relevance of below posting:
Thats why I was looking for cryptic hidden message
@riahc3 , forgot to mention, you could run below one too to see cert details presented like CN & SAN:
curl -Iv https://<DOMAIN>
Sometimes results differ from using openssl when inspecting a socket depending on how the web server is configured.
1 Like
From the cert:
Issuer: C = US, ST = MN, L = Minneapolis, OU = Domain Control Validated, CN = some.cert.signer.ca
Yeah that was a cert I created once for testing.
When the questions came about location, I just pressed enter to accept defaults
Those are defaults? Oh, I thought you were putting in the location of where Pi-hole was first created!
2 Likes
Something must have changed in meantime (updated openssl or something) as I cant reproduce:
pi@noads:~/tmp $ openssl req -new -out pi.hole.csr -key pi.hole.key
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:pi.hole
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
pi@noads:~/tmp $ openssl req -text -noout -in pi.hole.csr
[..]
Subject: C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = pi.hole
Now we know
