[Help] [Question] Pihole ssl comodo

Following this tutorial:


I have these files:

AAACertificateServices.crt

HSSL-etc.key

midominio.com.crt

SectigoRSADomainValidationSecureServerCA.crt

USERTrustRSAAAACA.crt


In the tutorial I see that it places 3 files:

/etc/letsencrypt/live/pihole.example.com/privkey.pem

/etc/letsencrypt/live/pihole.example.com/cert.pem

/etc/letsencrypt/live/pihole.example.com/combined.pem

privkey.pem would be HSSL-etc.key

cert.pem would be midominio.com.crt

combined.pem would be AAACertificateServices.crt

Or am I wrong?

So, just change the extension.

Following this: ssl - How to get .pem file from .key and .crt files? - Stack Overflow

/etc/letsencrypt/live/pihole.example.com/HSSL-etc.pem

/etc/letsencrypt/live/pihole.example.com/midominio.com.pem

/etc/letsencrypt/live/pihole.example.com/AAACertificateServices.pem


Then I see that it edits /etc/lighttpd/external.conf:

```
$HTTP["host"] == "pihole.example.com" {
  # Ensure the Pi-hole Block Page knows that this is not a blocked domain
  setenv.add-environment = ("fqdn" => "true")

  # Enable the SSL engine with a LE cert, only for this specific host
  $SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/letsencrypt/live/pihole.example.com/combined.pem"
    ssl.ca-file = "/etc/letsencrypt/live/pihole.example.com/fullchain.pem"
    ssl.honor-cipher-order = "enable"
    ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
    ssl.use-sslv2 = "disable"
    ssl.use-sslv3 = "disable"
  }

  # Redirect HTTP to HTTPS
  $HTTP["scheme"] == "http" {
    $HTTP["host"] =~ ".*" {
      url.redirect = (".*" => "https://%0$0")
    }
  }
}
```


So what I understand is this:

```
$HTTP["host"] == "pihole.example.com" {
  # Ensure the Pi-hole Block Page knows that this is not a blocked domain
  setenv.add-environment = ("fqdn" => "true")

  # Enable the SSL engine with a LE cert, only for this specific host
  $SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/letsencrypt/live/pihole.example.com/AAACertificateServices.pem"
    ssl.ca-file = "/etc/letsencrypt/live/pihole.example.com/fullchain.pem"
    ssl.honor-cipher-order = "enable"
    ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
    ssl.use-sslv2 = "disable"
    ssl.use-sslv3 = "disable"
  }

  # Redirect HTTP to HTTPS
  $HTTP["scheme"] == "http" {
    $HTTP["host"] =~ ".*" {
      url.redirect = (".*" => "https://%0$0")
    }
  }
}
```


Then it changed:

ssl.pemfile = "/etc/letsencrypt/live/pihole.example.com/AAACertificateServices.pem"

ssl.ca-file = "/etc/letsencrypt/live/pihole.example.com/fullchain.pem"

And this file, fullchain.pem?

Then I change all pihole.example.com to my domain example.com

Then:

sudo service lighttpd restart

And it does not work.

What am I doing wrong?
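
How the files listed in the question map onto the two files the lighttpd config references, as an added example that is not part of the original post or the tutorial. It assumes the tutorial's combined.pem is the private key concatenated with the site certificate and that the intermediates are ordered Sectigo first, then USERTrust; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the post or the tutorial). Function names are
# hypothetical; file names in the usage notes are the ones listed in the post.

# Count PEM blocks in FILE whose BEGIN line ends with LABEL.
pem_count() {  # pem_count FILE LABEL
    [ -r "$1" ] || { echo 0; return 0; }
    grep -c -e "^-----BEGIN .*$2-----" "$1" || true
}

# ssl.pemfile: the private key followed by the site (leaf) certificate only.
build_combined() {  # build_combined KEY LEAF_CERT OUT
    [ "$(pem_count "$1" 'PRIVATE KEY')" -eq 1 ] ||
        { echo "$1: expected one private key" >&2; return 1; }
    [ "$(pem_count "$2" 'CERTIFICATE')" -eq 1 ] ||
        { echo "$2: expected exactly one certificate" >&2; return 1; }
    # awk 1 adds a missing final newline; tr drops Windows CRs; the umask
    # keeps the key-bearing output unreadable to other users.
    ( umask 077; awk 1 "$1" "$2" | tr -d '\r' > "$3" )
}

# ssl.ca-file: intermediate CA certificates, never a private key.
# Assumed order: the CA that signed the leaf first, then its issuer.
build_chain() {  # build_chain OUT INTERMEDIATE...
    out=$1; shift
    for f in "$@"; do
        [ "$(pem_count "$f" 'CERTIFICATE')" -ge 1 ] ||
            { echo "$f: no certificate found" >&2; return 1; }
        [ "$(pem_count "$f" 'PRIVATE KEY')" -eq 0 ] ||
            { echo "$f: contains a private key" >&2; return 1; }
    done
    awk 1 "$@" | tr -d '\r' > "$out"
}

# Succeeds only when the certificate carries this key's public half.
key_matches_cert() {  # key_matches_cert KEY CERT (needs openssl)
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Usage with the files from the post:
#   key_matches_cert HSSL-etc.key midominio.com.crt && echo match
#   build_combined HSSL-etc.key midominio.com.crt combined.pem
#   build_chain fullchain.pem SectigoRSADomainValidationSecureServerCA.crt \
#       USERTrustRSAAAACA.crt
```

A CA certificate on its own, such as AAACertificateServices.crt, is rejected by `build_combined` because it contains no private key, which is what lighttpd needs to find in `ssl.pemfile` alongside the site certificate.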