Pi-hole is a DNS server; it doesn't get involved in the HTTP/HTTPS process. It does its work before the browser even gets to the point of processing HTTP/HTTPS traffic.
When you want to view a site, say www.baddomain.com, via either HTTP or HTTPS, your browser needs to know how to find www.baddomain.com, so it sends out a DNS query that asks "Where can I find this site?" Since everything on the internet goes by the actual IP address, you need to know the IP address where that domain resides. The DNS query (the thing that takes www.baddomain.com and translates that to an IP address) goes to the Pi-hole, and it checks to see if that is a domain that should be visited or should be blocked. If it is okay to visit, the IP address of the domain is passed back to the browser; the browser then visits that IP address and requests the contents of the webserver, and that is sent back either over HTTP or HTTPS. If it is a domain that should be blocked, the IP that is sent back is that of the Pi-hole itself, and you get the blockpage contents instead. You never even get the contents of the bad domain.
The reason we say that it doesn't do HTTPS is that an HTTPS connection is authenticated with a certificate for the domain, and we can't replicate that certificate; doing so would be what is called a Man in the Middle attack. But we don't need to be involved in that, as we really don't even see HTTP/HTTPS traffic; we work before any of that part of the process starts.
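The lookup-then-connect sequence described above, as an added illustration written for this page rather than Pi-hole's own code: a toy resolver loads a hosts-style blocklist and a regex list (both constructed here), answers blocked names with the sinkhole's own address, and otherwise hands back the upstream answer. The sinkhole address, the blocklist contents and the upstream answer table are all assumptions made up for the example.

```python
import re

# Constructed sample data for this illustration only.
SINKHOLE_IP = "192.168.1.2"      # assumed address of the Pi-hole itself
BLOCKLIST_TEXT = """\
# hosts-file style list, as many published blocklists are distributed
0.0.0.0 www.baddomain.com
0.0.0.0 tracker.example.net
"""
REGEX_BLOCKLIST = [r"(^|\.)ads\.example\.org$"]   # blocks the domain and its subdomains
UPSTREAM = {                     # constructed: what an upstream DNS server would answer
    "www.baddomain.com": "203.0.113.10",
    "www.gooddomain.com": "203.0.113.20",
    "tracker.example.net": "203.0.113.30",
    "cdn.ads.example.org": "203.0.113.40",
}


def load_gravity(text):
    """Parse '0.0.0.0 domain' lines or bare domain lines into a set of names."""
    domains = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        domains.add(line.split()[-1].lower().rstrip("."))
    return domains


GRAVITY = load_gravity(BLOCKLIST_TEXT)
REGEXES = [re.compile(p, re.IGNORECASE) for p in REGEX_BLOCKLIST]


def is_blocked(qname):
    """Exact match against the list, or a hit on any regex entry."""
    name = qname.lower().rstrip(".")
    return name in GRAVITY or any(r.search(name) for r in REGEXES)


def resolve(qname):
    """Return (ip, blocked). A blocked name gets the sinkhole's own address, so the
    browser's HTTP or HTTPS connection that follows never reaches the real host."""
    if is_blocked(qname):
        return SINKHOLE_IP, True
    return UPSTREAM.get(qname.lower().rstrip(".")), False


if __name__ == "__main__":
    for host in ("www.baddomain.com", "www.gooddomain.com", "cdn.ads.example.org"):
        print(host, "->", resolve(host))
```

The browser only ever connects to whatever address `resolve` returns, which is why the blocking decision is already made before any HTTP or HTTPS exchange begins.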