I needed to reinstall PiHole (Upgrade from Buster to Bullseye). I always had my own Let's Encrypt Certificate on my own domain to access pihole via https://pihole.mydomain.com. SSL is enabled via external.conf but lighttpd is not listening on SSL:
root@pihole-master:~ # netstat -tulpn | grep -i ligh
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 6668/lighttpd
tcp6 0 0 :::80 :::* LISTEN 6668/lighttpd
Debug Token:
https://tricorder.pi-hole.net/KNJ3cunH/
NVM - I found the following:
if you have any modifications for lighttpd via an external.conf file, this file now needs to be mapped into /etc/lighttpd/conf-enabled/whateverfile.conf instead
After creating 99-ssl-custom.conf in /etc/lighttpd/conf-enabled it worked:
root@pihole-master:/etc/lighttpd # ll conf-enabled/
total 4
lrwxrwxrwx 1 root root 32 Mar 5 13:03 05-setenv.conf -> ../conf-available/05-setenv.conf
lrwxrwxrwx 1 root root 35 Mar 5 13:03 10-accesslog.conf -> ../conf-available/10-accesslog.conf
lrwxrwxrwx 1 root root 33 Mar 5 13:03 10-fastcgi.conf -> ../conf-available/10-fastcgi.conf
lrwxrwxrwx 1 root root 38 Mar 5 13:03 15-pihole-admin.conf -> ../conf-available/15-pihole-admin.conf
-rw-r--r-- 1 root root 512 Mar 5 18:37 99-ssl-custom.conf
lrwxrwxrwx 1 root root 38 Mar 5 13:02 99-unconfigured.conf -> ../conf-available/99-unconfigured.conf
Content of
## SSL Config
#Loading openssl
server.modules += ( "mod_openssl" )
setenv.add-environment = ("pihole.MYDOMAIN.COM" => "true")
$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.pemfile = "/root/.acme.sh/pihole.MYDOMAIN.COM/pihole.MYDOMAIN.COM.combined.pem"
    ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1.3", "Options" => "-ServerPreference")
}
# Redirect HTTP to HTTPS
$HTTP["scheme"] == "http" {
    $HTTP["host"] =~ ".*" {
        url.redirect = (".*" => "https://%0$0")
    }
}
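
A post-upgrade check for the setup described in this thread, added as an example (it is not part of the original post and not Pi-hole's own tooling): it confirms that a fragment in conf-enabled sets ssl.pemfile, that the combined PEM holds both key and certificate without group/other access, and that lighttpd is actually bound to 443. The function names, the script name check.sh and the --live switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example: post-upgrade checks for a lighttpd TLS fragment (not Pi-hole's own tooling).

# listens_on PORT: read `netstat -tulpn` output on stdin; succeed only if
# a lighttpd process has a listening socket on PORT.
listens_on() {
    awk -v port="$1" '
        /LISTEN/ && /lighttpd/ {
            for (i = 1; i <= NF; i++) if ($i ~ (":" port "$")) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# pemfiles DIR: print each ssl.pemfile path set in DIR/*.conf (commented lines are skipped).
pemfiles() {
    sed -n 's/^[[:space:]]*ssl\.pemfile[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1"/*.conf
}

# check_pem FILE: the combined PEM must hold a key and a certificate, and
# must not be accessible to group or other because it contains the private key.
check_pem() {
    [ -r "$1" ] || { echo "unreadable: $1"; return 1; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1" || { echo "no private key: $1"; return 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" || { echo "no certificate: $1"; return 1; }
    [ "$(ls -Lld "$1" | cut -c5-10)" = "------" ] || { echo "group/other access: $1"; return 1; }
}

# The netstat output from the post: lighttpd is bound to port 80 only.
SAMPLE_NETSTAT='tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 6668/lighttpd
tcp6 0 0 :::80 :::* LISTEN 6668/lighttpd'

# Live run (as root): sh check.sh --live [conf-enabled directory]
if [ "${1:-}" = "--live" ]; then
    dir=${2:-/etc/lighttpd/conf-enabled}
    lighttpd -tt -f /etc/lighttpd/lighttpd.conf || exit 1   # syntax and module check
    pemfiles "$dir" | while read -r pem; do check_pem "$pem" || exit 1; done || exit 1
    netstat -tulpn | listens_on 443 || { echo "lighttpd is not listening on 443"; exit 1; }
    echo "TLS listener and certificate file look sane"
fi
```

Without --live the script only defines the functions, so they can be sourced and fed saved netstat output, such as the two lines from the post held in SAMPLE_NETSTAT.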