I'm going to be quite frank here. This is not a Pi-hole error. if you completely remove the reverse proxy form the equation pi-hole will function as intended.
That being said if the solution is to merely whitelist the domain within pi-hole why have you not done that using one of the many methods of whitelisting a domain. We have hundreds of users with zero issues running their Pi-hole behind a reverse proxy having 0 issues.
the reverse proxy domain will change with every installation so its not something we can set globally and have work every time. Advanced configs such as this are fully on the user and we expect users who wish to use them to know how they work.
I have not found any documentation about the whitelisting methods for the domain of the pihole server at all. I spent about 2 hours worth of googling and trial and error and still have not found anything.
Please note the difference between those two things: Whitelisting a domain within pihole usually means remove it from the blacklist of the dns server. What I mean by that has nothing to do with that, it is what pi hole wants to a accessed from. When I set a host header I get a page that does not really work because everything links to http://pi.hole/(path) (all the css and javascript files). When I do not set a host header it complains about the domain not being allowed. According to the auth.php file setting the VIRTUAL_HOST environment variable should fix that.
This does not exactly fit my setup, I have the reverse proxy on a different machine and tls termination is already done elsewhere. I just need pihole to accept the external FQDN, not serve SSL itself. I read that article in my search and acknowledged it. Also my ssl certificates are being done on the reverse proxy since that is the only machine in my network that has port 80 and 443 forwarded from my external ip.
My intention there was to show the lighttpd configuration files and the settings required for the override. You will need to create a new lighttpd configuration setup that accepts the hostname that you are in need of, setting the environment variables in that file, not in /etc/environment.
Well the admin link forwards me to the internal ip of the client, so it works, but not as intended (it breaks tls reverse proxy). the issue you linked seems to describe a similar problem to mine, so I guess there might be a relation. But tbh I am not too familiar with PiHole yet, so I cannot answer that reliably. Thanks for the help so far, I think we are narrowing down the cause.
Is there any more detailed logfile mentioning the exact errors thrown by the php scripts?
the error log does not show anything. The access log though shows this one line when I access it over the domain: "|127.0.0.1|GET /admin/scripts/pi-hole/php/queryads.php?domain=10.2.1.24:80&bp HTTP/1.0|200|23"
Another weird thing is that when I change my reverse proxy to not proxy to "http://pihole-ip:80" to "http://pi.hole" it forwards me to http://pi.hole. Which is similar to the issue from above where it cancels the ssl session by forwarding to the pihole setups internal ip. I am fairly sure that this would cause issues when being accessed from outside of my network, but I am currently blocking outside access anyway.
What I would like to see is that the session is always being routed through the reverse proxy.
You may need to revisit that Let'sEncrypt guide and look at the configuration. There's a URL redirect in there and you may need to adapt the URL redirect for your particular configuration.
On the admin page or on the bare URL? The bare URL is the blockpage and most likely will never be seen. You should work on https://domain/admin/ for the admin page.