Beatiful job on v6.
Runs great on rpi4.
just one nag from firefox android.
I fried all these in about:config disabling etc
security.ssl.enable_ocsp_stapling
security.tls.insecure_fallback_hosts = piholes ip and + admin + login link
security.insecure_field_warning.contextual.enabled
security.ssl3.dhe_rsa_aes_128_sha
security.ssl3.dhe_rsa_aes_256_sha
Everytime iust click proceed. I like and want https but firefox for android is a nag about this.
any suggeations? ty.
This is expected. In the end, Firefox is right: You are using a self-signed certificate here which has not been added to the trusted certificates of your device (so there is no "trust" on it), hence, this is not "secure" as you would not really notice when someone MITMs you.
If other browser you have tried do not say this, they are taking less care of your safety.
Thank you, how would i get the certificate from pihole?
It is stored in /etc/pihole, look out for tls.crt
The PEM file in the same directory has both the certificate as well as the private TLS key, this is not needed on the phone and should only be stored on the server.
While trying to create a walk-through for you, I realized that this isn't actually possible with Firefox (mobile) because it won't accept self-signed certificates. I, hence, proposed a change how Pi-hole generates its own SSL/TLS certificate (proposal not yet accepted!) and wrote a guide here:
Note that this needs a special version of FTL, too:
Wow, thank for that hard work. I'm not sure if I should do the guide, Very thorough.
Thanks for the HowTo and the coding for the super easy way to fix the "Certificate doesn't match domain" error 
