PiHole updated and now inaccessible? Topic is solved

[Joulinar]

well it's not that black and white I would say. Probably someone would like to continue using HTTPS even if he remove certbot. Maybe if he get certificate on another way. Maybe we should implement a dialog asking for the clean-up?

@MichaIng
your thoughts pls

[DarrenHill]

I thought it probably wouldn't be so easy

In my case I removed certbot as I have it elsewhere (built into NextCloud, running under Docker on another Pi) and didn't need the duplication or extra port openings. So the certificate is still valid, it's just not renewed/downloaded under the DietPi install, so doesn't exist in the location where the config file was expecting it to be.

What you say is correct, but at the moment removing certbot breaks PiHole web access, which obviously isn't an ideal situation for end users.

[MichaIng]

There is already an open request about disabling HTTPS via dietpi-letsencrypt: https://github.com/MichaIng/DietPi/issues/1910
But it requires some rework when it should be possible as well after Certbot has been uninstalled. And indeed removing Certbot should probably not disable HTTPS directly, as key and cert are still present and valid and the user might simply switch to a different ACME client. But we should at least print a warning that renewal should be taken care of another way, in case key and cert paths adjusted or lighty-disable-mod dietpi-https used to disable HTTPS on the webserver. If HSTS was used, disabling HTTPS breaks access via public domain for all clients that accessed it once.