Unable to access dashboard via IP despite ad blocking still working

Hexadecimalism · January 30, 2026, 9:20pm

Expected Behaviour:

I’ve had what I recall to be the default install on a RPi 3B for a few years now. My ability to load the dashboard seems to die every couple of days, culminating in a took too long to responderror. Sometimes this propagates to my secondary pi-hole (an identical LXC in proxmox that is synced via nebula-sync).

Reading around points to lighttpd being the possible culprit, so on my primary pi running my primary pi-hole, I run a sudo service lighttpd restart which doesn’t seem to solve the issue. Running sudo systemctl status --full --no-pager lighttpd shows that lighttpd fails to start and prints the following:

● lighttpd.service - Lighttpd Daemon
Loaded: loaded (/lib/systemd/system/lighttpd.service; disabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Fri 2026-01-30 20:23:00 GMT; 2min 58s ago
Process: 3211 ExecStartPre=/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf (code=exited, status=0/SUCCESS)
Process: 3214 ExecStart=/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf (code=exited, status=255/EXCEPTION)
Main PID: 3214 (code=exited, status=255/EXCEPTION)
CPU: 103ms

Jan 30 20:23:00 raspberrypi systemd[1]: lighttpd.service: Scheduled restart job, restart counter is at 5.
Jan 30 20:23:00 raspberrypi systemd[1]: Stopped Lighttpd Daemon.
Jan 30 20:23:00 raspberrypi systemd[1]: lighttpd.service: Start request repeated too quickly.
Jan 30 20:23:00 raspberrypi systemd[1]: lighttpd.service: Failed with result 'exit-code'.
Jan 30 20:23:00 raspberrypi systemd[1]: Failed to start Lighttpd Daemon.

Rebooting the hardware via sudo reboot seems to solve the issue, but it’s a temporary solution as the pi-hole instance inevitably loses the ability to load the dashboard on its /admin page a day or two later.

Debug Token:

My current debug token can be found here: https://tricorder.pi-hole.net/BHtN18Bv/

rdwebdesign · January 30, 2026, 9:28pm

Your debug log shows you are running Pi-hole v6:

*** [ DIAGNOSING ]: Core version
[✓] Version: v6.3

*** [ DIAGNOSING ]: Web version
[✓] Version: v6.4

*** [ DIAGNOSING ]: FTL version
[✓] Version: v6.4.1

No.
Pi-hole v6 doesn't use lighttpd. Do not try to start it (you can even uninstall it).

The debug log also shows the IP is 192.168.1.199.

Which URLs are you using to access the web interface?

Did you try one of these?

Hexadecimalism · January 30, 2026, 11:13pm

I was not aware lighttpd was no longer in use, and yes that is the correct IP. I use HTTP locally and it’s very rare that I use HTTPS unless I’m connecting remotely. Neither option currently works.

Hexadecimalism · February 1, 2026, 12:08pm

Still waiting on possible solutions as the problem is ongoing. Adblocking still works, local DNS entries still work, however I’m still unable to load up 192.168.1.199/admin. To make sure my ad blocking and DNS entries are not currently getting solved by my failover I triedping which gets a response noting the RPI is up and running. I also tried nslookup google.com 192.168.1.199to verify that DNS functioned and got valid results.

deHakkelaar · February 1, 2026, 7:27pm

Is pihole-FTL listening on ports 80 + 443 if run below?

sudo ss -nltp sport = 80 or sport = 443

And does it reply with a "HTTP/1.1 200 OK" if run below?

curl -IL http://192.168.1.199/admin/

Or below?

curl -IL http://localhost/admin/

Maybe firewall blocking?

sudo nft list ruleset

Or for older distros:

sudo iptables -nL

Hexadecimalism · February 1, 2026, 7:51pm

sudo ss -nltp sport = 80 or sport = 443 gives the following results showing FTL on those ports

pi@raspberrypi:~ $ sudo ss -nltp sport = 80 or sport = 443
State     Recv-Q    Send-Q       Local Address:Port        Peer Address:Port Process
LISTEN    118       200                0.0.0.0:80               0.0.0.0:*   users:(("pihole-FTL",pid=634,fd=35))
LISTEN    167       200                0.0.0.0:443              0.0.0.0:*   users:(("pihole-FTL",pid=634,fd=36))
LISTEN    0         200                   [::]:80                  [::]:*   users:(("pihole-FTL",pid=634,fd=37))
LISTEN    0         200                   [::]:443                 [::]:*   users:(("pihole-FTL",pid=634,fd=38))

I am unable to curl both the IP/admin and localhost/admin from the pi running the pi-hole with either HTTP or HTTPS. I am also unable to curl IP/admin from other machines on the network with HTTP or HTTPS. My nft list ruleset is empty.

deHakkelaar · February 1, 2026, 7:53pm

What message?
Can you post the complete output?
And does the iptables return any?

deHakkelaar · February 1, 2026, 7:56pm

Hexadecimalism:

sudo ss -nltp sport = 80 or sport = 443 gives the following results showing FTL on those ports

pi@raspberrypi:~ $ sudo ss -nltp sport = 80 or sport = 443
State     Recv-Q    Send-Q       Local Address:Port        Peer Address:Port                                                                                                                                                                                                                                                 Process
LISTEN    118       200                0.0.0.0:80               0.0.0.0:*                                                                                                                                                                                                                                                     users:(("pihole-FTL",pid=634,fd=35))
LISTEN    167       200                0.0.0.0:443              0.0.0.0:*                                                                                                                                                                                                                                                     users:(("pihole-FTL",pid=634,fd=36))
LISTEN    0         200                   [::]:80                  [::]:*                                                                                                                                                                                                                                                     users:(("pihole-FTL",pid=634,fd=37))
LISTEN    0         200                   [::]:443                 [::]:*

I dont see pihole-FTL like below example:

$ sudo ss -nltp sport = 80 or sport = 443
State   Recv-Q   Send-Q     Local Address:Port     Peer Address:Port  Process
LISTEN  0        200              0.0.0.0:80            0.0.0.0:*      users:(("pihole-FTL",pid=465,fd=35))
LISTEN  0        200              0.0.0.0:443           0.0.0.0:*      users:(("pihole-FTL",pid=465,fd=36))
LISTEN  0        200                 [::]:80               [::]:*      users:(("pihole-FTL",pid=465,fd=37))
LISTEN  0        200                 [::]:443              [::]:*      users:(("pihole-FTL",pid=465,fd=38))

Did you missed copy/pasting that right most part?

rdwebdesign · February 1, 2026, 7:58pm

Just to answer deHakkelar's question, Pi-hole is using the correct ports.

From the Debug Log:

[✓] udp:*:53 is in use by pihole-FTL
(...)
[✓] tcp:0.0.0.0:443 is in use by pihole-FTL
[✓] tcp:0.0.0.0:80 is in use by pihole-FTL
[✓] tcp:0.0.0.0:53 is in use by pihole-FTL

Hexadecimalism · February 1, 2026, 8:01pm

No it’s there, my copy paste from terminal is just wider than yours for some reason. As for my ruleset that is empty, and I don’t have iptables on this pi.

deHakkelaar · February 1, 2026, 8:04pm

Enable web debugging with below:

sudo pihole-FTL --config debug.webserver true

Tail/follow the logs live with below:

sudo tail -F /var/log/pihole/webserver.log

And check if both curl's register in the logs and how?

When finished debugging, disable again with below:

sudo pihole-FTL --config debug.webserver false

EDIT: Ps, below what I see:

$ sudo tail -F /var/log/pihole/webserver.log
[..]
[2026-02-01 21:00:47.791 CET 465] Authentication required, redirecting to /admin/login

deHakkelaar · February 1, 2026, 8:14pm

Aha now I see.
Its way off the map

EDIT: I did some cosmetic surgery on that posting of yours

Hexadecimalism · February 1, 2026, 8:23pm

curls are not showing up at all in webserver.log. In fact nothing seemed to happen at all as the file is empty.

However my FTL.log displays the following ad-nauseum:

pi@raspberrypi:~ $ sudo tail -F /var/log/pihole/FTL.log
2026-02-01 20:19:06.058 GMT [2538/F634] DEBUG_ANY: Closing gravity database
2026-02-01 20:19:06.070 GMT [2539/F634] DEBUG_ANY: Closing gravity database
2026-02-01 20:19:06.074 GMT [634M] DEBUG_ANY: dnsmasq received signal 17
2026-02-01 20:19:06.085 GMT [634M] DEBUG_ANY: dnsmasq received signal 17
2026-02-01 20:19:08.907 GMT [2540/F634] DEBUG_ANY: Reopening Gravity database for this fork
2026-02-01 20:19:08.918 GMT [2541/F634] DEBUG_ANY: Reopening Gravity database for this fork
2026-02-01 20:19:08.928 GMT [2540/F634] DEBUG_ANY: Closing gravity database
2026-02-01 20:19:08.940 GMT [2541/F634] DEBUG_ANY: Closing gravity database
2026-02-01 20:19:08.944 GMT [634M] DEBUG_ANY: dnsmasq received signal 17
2026-02-01 20:19:08.955 GMT [634M] DEBUG_ANY: dnsmasq received signal 17

Is that normal behavior?

deHakkelaar · February 1, 2026, 8:31pm

Do you get any connection if run below?

sudo nc -nzvw5 192.168.1.199 80

Eg:

$ sudo nc -nzvw5 10.0.0.5 80
Connection to 10.0.0.5 80 port [tcp/*] succeeded!

No.
Just to be sure its not a power issue, does below return any?

sudo dmesg -T | grep -i voltage

Hexadecimalism · February 1, 2026, 8:32pm

pi@raspberrypi:~ $ sudo nc -nvw5  192.168.1.199 80
Connection to 192.168.1.199 80 port [tcp/*] succeeded!

as for sudo dmesg -T | grep -i voltage it returns nothing.

deHakkelaar · February 1, 2026, 8:35pm

I'm outta ideas ... for now

Hexadecimalism · February 1, 2026, 8:36pm

I appreciate the support. I’ll go ahead and reboot, that often fixes it for a day or two.

rdwebdesign · February 1, 2026, 8:39pm

Do you see something on the webserver.log after that command?

If you do, it means Pi-hole webserver received that request and it is working. Now you need to find you why other requests are getting blocked.

If you don't see log entries, then I'm completely out of ideas.

deHakkelaar · February 1, 2026, 8:45pm

FYI, that nc command only establishes a TCP connection/handshake and nothing else.
It doesnt transmit any payload.

Hexadecimalism · February 1, 2026, 8:45pm

I have rebooted the RPI and everything is in working order, again. When the dashboard goes down again in a few days, I’ll enable logging to webserver.log again and try sudo nc -nzvw5 192.168.1.199 80 to see if it shows up in it.