Have you looked into pixelserv-tls as a solution for the HTTPS certificate issue?
pixelserv-tls is a fork of pixelserv with added support for HTTPS - the tiny webserver that responds to all requests with "nothing" and particularly useful for whitelisting hosts on troubled websites, and for mining "big data" on adservers and trackers.
Certificates for adserver domains are automatically generated at real-time upon first access. All requests to adserver are optionally written to syslogd. The stats in text format are preserved, good for command line parsing. The same stats in HTML format are revamped to be more legible.
For details, follow this guide GitHub - kvic-z/pixelserv-tls: A tiny bespoke HTTP/1.1 server for adblock and accelerating web browsing..
I was able to install it on my rasp pi:
$ sudo apt-get install git
$ sudo apt-get install autoconf
$ sudo apt-get install libssl-dev
sudo -i
cd
git clone GitHub - kvic-z/pixelserv-tls: A tiny bespoke HTTP/1.1 server for adblock and accelerating web browsing.
autoreconf -i
./configure
make
sudo make install
pixelserv needs an ip address to bind to:
sudo ifconfig eth0:pixelserv-tls 192.168.22.254 up
It can't be the same one as the eth0 ip address. I tried to assign pixelserv-tls to an unused ip on my network, but going to the 192.168.22.254/servstats.txt displays a web page of the pi-hole logo rather than the pixelserv statistics. The gravity.list file would require an update to use the pixelserv ip address.
I use pixelserv-tls on Asuswrt-Merlin in conjunction with the ab-solution.info ad blocker. It may help with the https issue discussed in this thread.