let's encrypt cert for Pi-hole web Interface on top of DietPi

Hello,

I have Pi-hole on the top of DietPi on Rpi 3B+

all is working correctly.

my end goal is to do DOH with the Pi-hole but one of the pre-requisit for it it’s to have a certificate on top of the web interface of Pi-hole

This article: https://discourse.pi-hole.net/t/enabling-https-for-your-pi-hole-web-interface/5771 explain how to do, but before starting to mess my DietPi I’m curious to know if there is not already a way to automatically manage the certificates on DietPi?
And if not, what is the best way to do?

Simply use dietpi-letsencrypt to create SSL certificate on your web server

https://dietpi.com/docs/dietpi_tools/#dietpi-letsencrypt

I was sure there is a all in one option … I really love DietPi :sunglasses:

just FYI, I had the same issue as described here:

and I fixed it by

  • running : certbot certonly --webroot -w /var/www/html
    That generated the certificate

and

  • after: dietpi-letsencrypt
    who discovered that I had a certificated and applied it

How did you install PiHole?

On a normal DietPi system web server root is /var/www/ and not /var/www/html

And you could use dietpi-letsencrypt right from the beginning

Yes pi-hole was there before and the goal was to have a secure web-interface

Usually dietpi-letsencrypt should be working without creating certificate manually before.

I forgot the link … same error as here: https://github.com/MichaIng/DietPi/issues/2814

this is why I thinked to do certbot certonly --webroot -w /var/www/html first

Still the question how did you install PiHole because it looks like you did not used dietpi-software or you used some repair function on PiHole. Because web server root is not /var/www/html on our systems. This is set if you would use PiHole own installer outside our tooling.

It was more a year ago and I did the install manually ( thanks to the history command I can see that)

ok this explains the different web server root. Therefore the workaround is needed in your case. As long as you don’t plan to run any other web server application (like NextCloud) it should be fine.