PiHole updated and now inaccessible? Topic is solved

Having issues with your DietPi installation or found a bug? Post it here.
User avatar
Joulinar
Posts: 3821
Joined: Sat Nov 16, 2019 12:49 am

Re: PiHole updated and now inaccessible?

Post by Joulinar »

well it's not that black and white I would say. Probably someone would like to continue using HTTPS even if he remove certbot. Maybe if he get certificate on another way. Maybe we should implement a dialog asking for the clean-up?

@MichaIng
your thoughts pls :)
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
DarrenHill
Posts: 42
Joined: Wed May 08, 2019 3:00 pm

Re: PiHole updated and now inaccessible?

Post by DarrenHill »

I thought it probably wouldn't be so easy ;)

In my case I removed certbot as I have it elsewhere (built into NextCloud, running under Docker on another Pi) and didn't need the duplication or extra port openings. So the certificate is still valid, it's just not renewed/downloaded under the DietPi install, so doesn't exist in the location where the config file was expecting it to be.

What you say is correct, but at the moment removing certbot breaks PiHole web access, which obviously isn't an ideal situation for end users.
User avatar
MichaIng
Site Admin
Posts: 2628
Joined: Sat Nov 18, 2017 6:21 pm

Re: PiHole updated and now inaccessible?

Post by MichaIng »

There is already an open request about disabling HTTPS via dietpi-letsencrypt: https://github.com/MichaIng/DietPi/issues/1910
But it requires some rework when it should be possible as well after Certbot has been uninstalled. And indeed removing Certbot should probably not disable HTTPS directly, as key and cert are still present and valid and the user might simply switch to a different ACME client. But we should at least print a warning that renewal should be taken care of another way, in case key and cert paths adjusted or lighty-disable-mod dietpi-https used to disable HTTPS on the webserver. If HSTS was used, disabling HTTPS breaks access via public domain for all clients that accessed it once.
Post Reply