posts/2020/05/14/setting-up-ssl-with-pihole-without-a-fqdn #29

Open
utterances-bot opened this issue Apr 5, 2021 · 10 comments

Comments

@utterances-bot

Setting up SSL with pihole, without a FQDN | LunarWatcher

https://lunarwatcher.github.io/posts/2020/05/14/setting-up-ssl-with-pihole-without-a-fqdn.html


This article looked promising but it is incomplete. The scripts are listed but there are no instructions on how they should be saved or run. I am a novice so the instructions need to be exact for me.

@LunarWatcher
Owner

LunarWatcher commented Apr 5, 2021

@Evan193 if you're referring to the shell scripts, their exact location isn't listed because it doesn't matter.

As you can tell from anything with a path referring to a cert, the SSL certs need to be thrown in /etc/sslcerts. I don't remember atm if that was an arbitrary decision or not.

I did vaguely mention this on the first script:

Personally, I chucked this script, along with the certificates, into /etc/sslcerts (mkdir it if it doesn’t exist).

Because again, the location of the script itself is irrelevant. As long as the certificates end up in /etc/sslcerts, pihole doesn't care. The script is for your ease of generation, and not for some obscure pihole use.

It's a shell script (which I'll clarify when I'm actually awake), which means you can either copy-paste the commands and make necessary changes, or make a sh-file (and again make the necessary changes), and run it: https://askubuntu.com/questions/38661/how-do-i-run-sh-scripts

I didn't include this because I assume some familiarity with Linux (read: basic command line understanding, and understanding what shell files are and how they can be executed).


Thanks for the reply. I eventually figured it out. I copied your OpenSSL script to sslmake.sh. I had to run bash ./sslmake.sh in order for it to run. I was expecting to just type ./sslmake.sh but it didn’t work. I’ll do the same for sslrenew.sh when the time comes. As for copying the ca.crt.pem to windows for Firefox import, I installed samba with cifs-utils and then mounted the windows share to /mnt/share. My apologies, I tend to get frustrated easily when told to look elsewhere for some of the steps that are determined to be common knowledge. I have a learning disability so I try to learn only what is needed to complete the task.


Meryl commented Nov 19, 2021

Lighttpd won't start, apparently there are issues with mod_openssl.so not being available. Too bad, I like self-signed certs better than no certs :(

@LunarWatcher
Owner

That just sounds like missing dependencies. Not sure what dependency it is, but if I had to take a guess, I'd assume libopenssl. You could probably check with your package manager, if you have one that lets you search for files.


For some odd reason, the web interface is throwing out an SSL_ERROR_INTERNAL_ERROR_ALERT. I can't seem to solve it. The only thing I changed is that I removed the "unknown" stuff from the script (put in my own info).


jon-jm commented Jun 8, 2022

More likely a missing dependency: the one I had, and others probably too, is lighttpd-mod-openssl.

1. Install it via sudo apt install lighttpd-mod-openssl
2. Within /etc/lighttpd/external.conf add, before(!) the $HTTP["host"] block:
   server.modules += (
       "mod_openssl"
   )

mod_openssl was once included and loaded automatically, but it isn't anymore.

See here for further details: https://discourse.pi-hole.net/t/ssl-for-pi-hole-web-interface-not-working/55937/4

On a side note the lines with ssl.use-sslv2 and ssl.use-sslv3 can be deleted, since those are deprecated.

@sheeepdev

For some odd reason, the web interface is throwing out an SSL_ERROR_INTERNAL_ERROR_ALERT. I can't seem to solve it. The only thing I changed is that I removed the "unknown" stuff from the script (put in my own info).

If anyone faces this issue, the way I fixed it is by removing the ssl.ca-file property from the external.conf.


jogerj commented Oct 19, 2022

Might be outdated settings, but at the end of the day this is what my external.conf looks like:

server.modules += ( "mod_openssl" )

$HTTP["host"] == "pihole.lan" {
  # Ensure the Pi-hole Block Page knows that this is not a blocked domain
  setenv.add-environment = ("fqdn" => "true")

  # Enable the SSL engine with a LE cert, only for this specific host
  $SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/sslcerts/combined.pem"
    ssl.ca-file =  "/etc/sslcerts/ca.crt.pem"
    ssl.honor-cipher-order = "enable"
    ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
  }

  # Redirect HTTP to HTTPS
  $HTTP["scheme"] == "http" {
    $HTTP["host"] =~ ".*" {
      url.redirect = (".*" => "https://%0$0")
    }
  }
}

I took bits from the official guide and what others suggested. The only issue I couldn't figure out was that accessing http://pihole.lan would redirect to https correctly, but using the IP address, e.g. http://192.168.0.2, won't redirect; in fact, accessing https://192.168.0.2 results in SSL_ERROR_INTERNAL_ERROR_ALERT.
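Added example, not from the blog post or from anyone in this thread: a small offline pre-flight lint for an external.conf that checks the pitfalls raised above in one pass: that mod_openssl is listed and loaded before the $HTTP["host"] block (jon-jm's step 2), that the deprecated ssl.use-sslv2/ssl.use-sslv3 lines are gone, that ssl.engine and ssl.pemfile are present, and it notes an ssl.ca-file setting because that is what sheeepdev removed to clear SSL_ERROR_INTERNAL_ERROR_ALERT. The two sample configs are constructed here, modelled on jogerj's file; the function names are mine.

```python
"""Pre-flight lint for a Pi-hole lighttpd external.conf (added example)."""
import re

# Constructed sample modelled on the external.conf shared above.
SAMPLE_CONF = '''server.modules += ( "mod_openssl" )

$HTTP["host"] == "pihole.lan" {
  # Ensure the Pi-hole Block Page knows that this is not a blocked domain
  setenv.add-environment = ("fqdn" => "true")

  $SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/sslcerts/combined.pem"
    ssl.ca-file =  "/etc/sslcerts/ca.crt.pem"
    ssl.honor-cipher-order = "enable"
    ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
  }

  $HTTP["scheme"] == "http" {
    $HTTP["host"] =~ ".*" {
      url.redirect = (".*" => "https://%0$0")
    }
  }
}
'''

# Constructed "before" version with the mistakes discussed in the thread:
# mod_openssl loaded after the host block, plus deprecated SSLv2/v3 knobs.
BROKEN_CONF = '''$HTTP["host"] == "pihole.lan" {
  $SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/sslcerts/combined.pem"
    ssl.use-sslv2 = "disable"
    ssl.use-sslv3 = "disable"
  }
}
server.modules += (
    "mod_openssl"
)
'''


def _strip_comments(text):
    # lighttpd comments run from '#' to end of line; drop whole comment lines
    return re.sub(r'(?m)^\s*#.*$', '', text)


def lint_external_conf(text):
    """Return a list of (level, message) findings; an empty list means clean."""
    conf = _strip_comments(text)
    findings = []

    # server.modules += ( ... ) may span several lines, so match with DOTALL
    modules = re.search(r'server\.modules\s*\+?=\s*\((.*?)\)', conf, re.S)
    host_block = re.search(r'\$HTTP\["host"\]', conf)
    has_openssl = bool(modules and '"mod_openssl"' in modules.group(1))

    if not has_openssl:
        findings.append(("error", "mod_openssl is not listed in server.modules"))
    elif host_block and modules.start() > host_block.start():
        findings.append(("error",
                         'server.modules += ("mod_openssl") must come before '
                         'the $HTTP["host"] block'))

    if re.search(r'ssl\.engine\s*=\s*"enable"', conf) is None:
        findings.append(("error", 'ssl.engine = "enable" not found'))
    if re.search(r'ssl\.pemfile\s*=', conf) is None:
        findings.append(("error", "ssl.pemfile is not set"))

    # Deprecated protocol switches mentioned earlier in the thread
    for knob in ("ssl.use-sslv2", "ssl.use-sslv3"):
        if knob in conf:
            findings.append(("warning", f"{knob} is deprecated and can be removed"))

    # Not an error by itself, but the setting one commenter removed to clear
    # SSL_ERROR_INTERNAL_ERROR_ALERT, so worth pointing out
    if re.search(r'ssl\.ca-file\s*=', conf):
        findings.append(("info",
                         "ssl.ca-file is set; if the browser reports "
                         "SSL_ERROR_INTERNAL_ERROR_ALERT, try removing it"))

    return findings


if __name__ == "__main__":
    for name, conf in (("sample", SAMPLE_CONF), ("broken", BROKEN_CONF)):
        print(f"== {name} ==")
        for level, message in lint_external_conf(conf) or [("ok", "no findings")]:
            print(f"  [{level}] {message}")
```

Run it against a real file with `lint_external_conf(open("/etc/lighttpd/external.conf").read())`; it only reads the text, so it is safe to run before restarting lighttpd, and the load-order error is exactly the case where lighttpd refuses to start with mod_openssl missing.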

@LunarWatcher
Owner

Yeah, some other comments pointed out that too. I recently reinstalled Raspbian, which wiped the SSL settings, meaning I have to reconfigure SSL. Revising the post as part of that is on my backlog as well.
