Force HTTPS Admin Page

HTTPS should only be enabled for the FQDN of the Pi-Hole server; as the server is redirecting traffic, you may get a bunch of cert wonkiness when DNS resolves return blocked domains.

Create a combined certificate.

sudo cat privkey.pem cert.pem | sudo tee combined.pem
sudo chmod www-data -R combined.pem

Note

This contains private information and should not be placed in a web directory.

0644 root root /etc/lighthttpd/external.conf

$HTTP['host'] == 'pihole.example.com' {
  # Ensure the Pi-hole Block Page knows that this is not a blocked domain
  setenv.add-environment = ('fqdn' => 'true')

  # Enable the SSL engine with a LE cert, only for this specific host
  $SERVER['socket'] == ':443' {
    ssl.engine             = 'enable'
    ssl.pemfile            = 'combined.pem'
    ssl.ca-file            =  'fullchain.pem'
    ssl.honor-cipher-order = 'enable'
    ssl.cipher-list        = 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'
    ssl.use-sslv2          = 'disable'
    ssl.use-sslv3          = 'disable'
  }

  # Redirect HTTP to HTTPS
  $HTTP['scheme'] == 'http' {
    $HTTP['host']          =~ '.*' {
      url.redirect         = ('.*' => 'https://%0$0')
    }
  }
}

Restart services.

sudo service lighthttpd restart