Pi-hole and UFW

Hello,
I have just installed Pi-hole on my Rpi4 and everything is working perfectly.

In my system I have installed UFW to block port 80, as port 80 is exposed to the Internet for the automatic periodic renewal of the HTTPS certificate.

My Rpi4 is also configured as an HTTPS web server, also with lighttpd.

So the only way for me to access the web interface of Pi-hole is to temporarily disable UFW and then enable it again.

My question is simple: is there a workaround, maybe making Pi-hole listen on port 443?

Thanks and regards,
Dan

You could change the server.port line in /etc/lighttpd/lighttpd.conf and restart lighttpd afterwards by:

sudo service lighttpd restart

Do NOT use port 443, though - that is associated with HTTPS.
Try e.g. port 8081 instead.

CAUTION:
This will be reset to port 80 on any Pi-hole release updates, repairs or reconfigurations.

And as you mention your system being exposed to public access, make sure you take the necessary precautions and block port 53 on your router so you don't risk running an open resolver.

Just curious: How do you renew your certificate then if port 80 is blocked?

Have you considered switching your HTTP-01 challenge to another challenge type like DNS-01 or TLS-ALPN-01?

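A worked version of the reply above, as an added example (not code from the thread or from the Pi-hole project): it rewrites the server.port line in lighttpd's config and emits a UFW rule set that exposes only what has to be public. The LAN range 192.168.1.0/24, the admin port 8081 and the path /etc/lighttpd/lighttpd.conf are assumptions, not values from the thread. Note that the rules allow port 53 from the LAN only, which is not the same as blocking it on the Pi outright (that would stop Pi-hole receiving any queries); blocking inbound 53 at the router, as the reply recommends, remains the primary control.

```sh
#!/bin/sh
# Added example, not code from the thread or from the Pi-hole project.
# Moves the Pi-hole admin interface to a non-default port (as the reply above
# suggests) and emits UFW rules that expose only what has to be public.
# Assumptions (not stated in the thread): the LAN is 192.168.1.0/24, the new
# admin port is 8081, and lighttpd's config is /etc/lighttpd/lighttpd.conf.
LAN_NET="${LAN_NET:-192.168.1.0/24}"
ADMIN_PORT="${ADMIN_PORT:-8081}"
LIGHTTPD_CONF="${LIGHTTPD_CONF:-/etc/lighttpd/lighttpd.conf}"

# Print the port from the first server.port line of a lighttpd config file.
current_lighttpd_port() {
    sed -nE 's/^[[:space:]]*server\.port[[:space:]]*=[[:space:]]*([0-9]+).*/\1/p' "$1" | head -n 1
}

# Rewrite the server.port line of a lighttpd config file in place.
# Arguments: config path, new port. Returns 1 if the file has no server.port
# line, so a caller never "succeeds" without actually changing anything.
set_lighttpd_port() {
    conf="$1"; port="$2"
    grep -Eq '^[[:space:]]*server\.port[[:space:]]*=' "$conf" || return 1
    tmp="${conf}.tmp.$$"
    sed -E "s/^([[:space:]]*server\.port[[:space:]]*=[[:space:]]*)[0-9]+/\1${port}/" "$conf" > "$tmp" \
        && mv "$tmp" "$conf"
}

# Print the UFW rule set, one command per line. Everything inbound is denied by
# default; DNS (UDP and TCP) and the admin port are reachable from the LAN only,
# and only 80 (HTTP-01 renewal) and 443 (the public HTTPS site) face the Internet.
ufw_rules() {
    cat <<EOF
ufw default deny incoming
ufw allow from ${LAN_NET} to any port 53 proto udp
ufw allow from ${LAN_NET} to any port 53 proto tcp
ufw allow from ${LAN_NET} to any port ${ADMIN_PORT} proto tcp
ufw allow 80/tcp
ufw allow 443/tcp
EOF
}

# Apply everything (as root) only when called with --apply; without it the
# script just previews the rules, so the functions can also be reused safely.
if [ "${1:-}" = "--apply" ]; then
    set_lighttpd_port "$LIGHTTPD_CONF" "$ADMIN_PORT" \
        || { echo "no server.port line in $LIGHTTPD_CONF" >&2; exit 1; }
    ufw_rules | while read -r rule; do $rule; done
    ufw --force enable
    service lighttpd restart
    echo "admin interface now on port $(current_lighttpd_port "$LIGHTTPD_CONF")"
else
    ufw_rules
fi
```

Run it with --apply as root; the CAUTION in the reply still holds, so after a Pi-hole update or repair lighttpd.conf goes back to port 80 and the script has to be run again. The admin interface is then reachable from the LAN at the new port only, while the Internet-facing ports stay exactly the two the certificate renewal and the public site need.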

Thanks!
I have a couple of other questions.

In my system only ports 443 and 80 are open to the Internet; shall I block port 53 with UFW anyway, or is the router firewall sufficient?

Then port 53 UDP and TCP, or just TCP?

To answer your question: before automatically applying for renewal, I disable the firewall and then enable it again.

I have not considered switching my HTTP-01 challenge to another challenge type like DNS-01 or TLS-ALPN-01; can you please provide more details?

Thanks!
Dan

Yes, incoming port 53 UDP/TCP should be blocked on your router - I'll edit my post to make that clearer.
(If you did the same on your Pi-hole machine, Pi-hole wouldn't receive any DNS queries - not what you want) :wink:

That is well beyond the scope of Pi-hole.

You'd have to search the net yourself, as the advice applicable to you will likely depend on what your chosen CA offers. Visiting Let's Encrypt may be a good starting point.

