Securing pi-hole admin with SSL

Posted: 2019-09-22

I recently added a running copy of pi-hole onto a spare raspberry pi to test.

One thing I wanted to do was to make the admin view work with https.

This FAQ on enabling SSL has most of the information needed.

However - I am not using letsencrypt for this sort if internal setup - instead I have set up a local CA.

So - for this setup there were three steps:


Using the caman setup - add and sign a new certificate:

cd caman
./caman new
./caman sign

Now we need two files on the pi-hole machine.

  • Copy the CA certificate ca/ca.crt.pem to /etc/lighttpd/fullchain.pem
  • Copy the site certificate store/ to /etc/lighttpd/combined.pem

Note you need the keycrt.pem in combined - both key and certificate

Lighttpd external.conf

Copy the suggested config from the FAQ and change the domain to

Lighttpd modules

At this point - when I did a config check (lighttpd -t -f /etc/lighttpd/lighttpd.conf) and it said I needed to enable the SSL module.

I did so with lighty-enable-mod ssl. However - this added two things to /etc/lighttpd/conf-enabled/10-ssl.conf (symlinked in from conf-available by the call to lighty-enable-mod) - the first loads the SSL module - the second tries to use a server.pem certificate on I only want the module loading so I changed the file to simply be:

server.modules += ( "mod_openssl" )

And then restarted with service lighttpd restart

That was enough to get to work.