I just tested and was able to access this URL on a browser in my network.
It sounds like your Pi has some issue with HTTPS then. Can you access other HTTPS sites? You might want to try reinstalling the latest version of Raspbian Stretch.
No problem accessing any other HTTPS sites on any device. I did several fresh installs with Stretch already 
The part that gets me is that if I connect the Pi my mobile phone’s hot sport, I am able to check for updates. It was actually the only way I could get it installed.
I have a spare Rpi 2 I can try installing Stretch on and test the setup there but it’s just confusing to me.
So, I had some to try figure out what may be happening but am still stumped.
I got to thinking it may be an issue with my router, so I restored it back to defaults.
Once it was back up, I ran pihle -up but got some mixed messages:
pi@rpi:~ $ pihole -up
[i] Checking for updates...
[i] Pi-hole Core: up to date
[i] FTL: up to date
[i] Web Interface: up to date
[✓] Everything is up to date!
pi@rpi:~ $ pihole -up
[i] Checking for updates...
[i] Pi-hole Core: up to date
[i] FTL: update available
[i] FTL out of date
[i] FTL Checks...
[✓] Detected ARM-hf architecture (armv7+)
[i] Checking for existing FTL binary...
[✗] Downloading and Installing FTL
Error: Unable to get latest release location from GitHub
pi@rpi:~ $ pihole -up
[i] Checking for updates...
[i] Pi-hole Core: up to date
[i] FTL: update available
[i] FTL out of date
[i] FTL Checks...
[✓] Detected ARM-hf architecture (armv7+)
[i] Checking for existing FTL binary...
[i] Downloading and Installing FTL.../tmp/tmp.1eyB7zH3ZB /home/pi
curl: (35) error:1409441B:SSL routines:ssl3_read_bytes:tlsv1 alert decrypt error
/home/pi
[✗] Downloading and Installing FTL
Error: URL not found
pi@rpi:~ $ pihole -up
[i] Checking for updates...
[i] Pi-hole Core: up to date
[i] FTL: update available
[i] FTL out of date
[i] FTL Checks...
[✓] Detected ARM-hf architecture (armv7+)
[i] Checking for existing FTL binary...
[i] Latest FTL Binary already installed (v3.0). Confirming Checksum...
curl: (35) error:1409441B:SSL routines:ssl3_read_bytes:tlsv1 alert decrypt error
[i] Corruption detected...
[i] Downloading and Installing FTL.../tmp/tmp.AdqwPDk4Fx /home/pi
transferred... /home/pi
[✓] Downloading and Installing FTL
[i] Web Interface: up to date
[i] FTL version is now at v3.0
[✓] Starting pihole-FTL service
[i] Enabling pihole-FTL service to start on reboot [✓] Enabling pihole-FTL service to start on reboot
pi@rpi:~ $ pihole -up
[i] Checking for updates...
[i] Pi-hole Core: up to date
[i] FTL: update available
[i] FTL out of date
[i] FTL Checks...
[✓] Detected ARM-hf architecture (armv7+)
[i] Checking for existing FTL binary...
[✗] Downloading and Installing FTL
Error: Unable to get latest release location from GitHubSee if this will work for you:
pihole -r now
I’m using the recommended version of dnsmasq, nevertheless I ran pihole checkout master which timed out durring the FTL installation. I didn’t capture the output.
I re-ran pihole -up three times. The first time it was successful and said there were no updates, but the next two failed with the same error message I keep getting.
1 Like
What will this command do? I know the -r switch will trigger a repair but what does now do?
Does this command still report SSL errors?
curl -sI https://github.com/pi-hole/FTL/releases/latest
1 Like
Nope, no errors. Nothing is returned.
Ok, marking this as solved now.
What I did to fix this issue was I went back to Raspbian Jessie lite then ran the installer. This failed initially when trying to start dnsmasq.
So, i went and followed he instructions to install dnsmasq 2.76, re-ran the installer and the I could successfully install Pi-hole.
Trying pihole -up now gives me successful results each time:
pi@rpi:~ $ pihole -up
[i] Checking for updates...
[i] Pi-hole Core: up to date
[i] FTL: up to date
[i] Web Interface: up to date
[✓] Everything is up to date!
pi@rpi:~ $
Question: It seems the main issue is that Rasbian Stretch is not fully supported? Can anyone confirm this??
2 Likes
Stretch is supported, Jessie is not.
1 Like
Hmm that’s odd. When I was on Stretch I was running the recommended version of dnsmasq but still had errors.
Anyways, I’ll try install Stretch on another Pi and see if I still continue to get any errors.
So I tired with a fresh install of Stretch, and just made sure that I had the OS up to date via sudo apt-get update / sudo apt-get upgrade. Below are my results:
pi@raspberrypi:~ $ curl -sSL https://install.pi-hole.net | bash
curl: (35) Unknown SSL protocol error in connection to install.pi-hole.net:443
So next I tired to clone the github repo:
pi@raspberrypi:~ $ git clone --depth 1 https://github.com/pi-hole/pi-hole.git Pi-hole
Cloning into 'Pi-hole'...
remote: Counting objects: 69, done.
remote: Compressing objects: 100% (61/61), done.
remote: Total 69 (delta 4), reused 26 (delta 0), pack-reused 0
pi@raspberrypi:~ $ cd "Pi-hole/automated install/"
pi@raspberrypi:~/Pi-hole/automated install $
pi@raspberrypi:~/Pi-hole/automated install $ sudo bash basic-install.sh
The installer launched at this point and I was able to go through the setup process until:
[i] FTL Checks...
[✓] Detected ARM-hf architecture (armv7+)
[i] Checking for existing FTL binary...
[✗] Downloading and Installing FTL
Error: Unable to get latest release location from GitHub
[✗] FTL Engine not installed
[i] Skipping firewall configuration
[i] Restarting services...
[✓] Starting dnsmasq service
[✓] Enabling dnsmasq service to start on reboot
[✓] Starting lighttpd service
[✓] Enabling lighttpd service to start on reboot
[i] Starting pihole-FTL service...
pi@raspberrypi:~/Pi-hole/automated install $
... and it just stops there.
My dnsmasq version is the correct one, v2.76:
pi@raspberrypi:~/Pi-hole/automated install $ dnsmasq -v
Dnsmasq version 2.76 Copyright (c) 2000-2016 Simon Kelley
Compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify
This software comes with ABSOLUTELY NO WARRANTY.
Dnsmasq is free software, and you are welcome to redistribute it
under the terms of the GNU General Public License, version 2 or 3.
Still not really sure what's going on here. It seems that there is something wrong with running Pi-Hole on Stretch somehow, but it works on Jessie....
I could start a new thread on this if needed since this one is "solved".
What's the output of:
sudo systemctl status dnsmasq
sudo systemctl status pihole-FTL
L.E.
pi-hole-FTL will return an error because of this (I just saw it).
Try installing it with:
curl -v4sSL https://install.pi-hole.net | bash
(it will force IPV4 over IPV6 connection)
pi@raspberrypi:~ $ curl -v4sSL https://install.pi-hole.net | bash
* Rebuilt URL to: https://install.pi-hole.net/
* Trying 45.76.128.97...
* TCP_NODELAY set
* Connected to install.pi-hole.net (45.76.128.97) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* Unknown SSL protocol error in connection to install.pi-hole.net:443
* Curl_http_done: called premature == 1
* stopped the pause stream!
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to install.pi-hole.net:443
pi@raspberrypi:~ $
what is your curl version ? curl -V
Try the following command:
curl -1v4SL https://install.pi-hole.net | bash
(this is forcing TLSv1 (SSL) )
your curl fails at * TLSv1.2 (IN), TLS handshake, Server hello (2):
Below is the output of curl -V
pi@raspberrypi:~ $ curl -V
curl 7.52.1 (arm-unknown-linux-gnueabihf) libcurl/7.52.1 OpenSSL/1.0.2l zlib/1.2.8 libidn2/0.16 libpsl/0.17.0 (+libidn2/0.16) libssh2/1.7.0 nghttp2/1.18.1 librtmp/2.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL
EDIT: The version of curl on my working Pi-Hole install with Jessie is curl 7.38.0
Could this be the culprit?
Here is the result of curl -1v4SL https://install.pi-hole.net | bash
pi@raspberrypi:~ $ curl -1v4SL https://install.pi-hole.net | bash
* Rebuilt URL to: https://install.pi-hole.net/
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 45.76.128.97...
* TCP_NODELAY set
* Connected to install.pi-hole.net (45.76.128.97) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
0 0 0 0 0 0 0 0 --:--:-- 0:00:02 --:--:-- 0* TLSv1.2 (IN), TLS handshake, Server hello (2):
{ [107 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [2553 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [179 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
0 0 0 0 0 0 0 0 --:--:-- 0:00:03 --:--:-- 0* TLSv1.2 (IN), TLS change cipher, Client hello (1):
{ [1 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-ECDSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=pi-hole.net
* start date: Feb 21 19:36:11 2018 GMT
* expire date: May 22 19:36:11 2018 GMT
* subjectAltName: host "install.pi-hole.net" matched cert's "install.pi-hole.net"
* issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
} [5 bytes data]
* Using Stream ID: 1 (easy handle 0x2005e48)
} [5 bytes data]
> GET / HTTP/1.1
> Host: install.pi-hole.net
> User-Agent: curl/7.52.1
> Accept: */*
>
{ [5 bytes data]
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
} [5 bytes data]
< HTTP/2 301
< server: nginx/1.12.2
< date: Thu, 10 May 2018 22:51:36 GMT
< content-type: text/html
< content-length: 185
< location: https://raw.githubusercontent.com/pi-hole/pi-hole/master/automated%20install/basic-install.sh
< strict-transport-security: max-age=31536000; includeSubDomains
< x-xss-protection: 1; mode=block
< x-content-type-options: nosniff
< referrer-policy: strict-origin
<
* Ignoring the response-body
{ [185 bytes data]
* Curl_http_done: called premature == 0
100 185 100 185 0 0 53 0 0:00:03 0:00:03 --:--:-- 53
* Connection #0 to host install.pi-hole.net left intact
* Issue another request to this URL: 'https://raw.githubusercontent.com/pi-hole/pi-hole/master/automated%20install/basic-install.sh'
* Trying 151.101.0.133...
* TCP_NODELAY set
* Connected to raw.githubusercontent.com (151.101.0.133) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
0 0 0 0 0 0 0 0 --:--:-- 0:05:03 --:--:-- 0* Operation timed out after 300795 milliseconds with 0 out of 0 bytes received
* Curl_http_done: called premature == 1
* stopped the pause stream!
0 0 0 0 0 0 0 0 --:--:-- 0:05:04 --:--:-- 0
* Closing connection 1
curl: (28) Operation timed out after 300795 milliseconds with 0 out of 0 bytes receivedThis topic was automatically closed 21 days after the last reply. New replies are no longer allowed.