ERROR: The certificate of ‘sputnik.roen.us’ is not trusted. #74

MelvinRC opened this issue Nov 15, 2020 · 5 comments

@MelvinRC

root@CIT-PIH-01:~# cat wget-log
--2020-11-15 15:38:42-- https://sputnik.roen.us/pipass/scripts/install.sh
Resolving sputnik.roen.us (sputnik.roen.us)... 141.239.111.200
Connecting to sputnik.roen.us (sputnik.roen.us)|141.239.111.200|:443... connected.
ERROR: The certificate of ‘sputnik.roen.us’ is not trusted.
ERROR: The certificate of ‘sputnik.roen.us’ doesn't have a known issuer.
The certificate's owner does not match hostname ‘sputnik.roen.us’

@roenw
Member

roenw commented Nov 15, 2020

We have adapted the install to a bash-only script.
wget https://raw.githubusercontent.com/PiPass/bin/master/install.sh
sudo ./install.sh

@MelvinRC
Author

Cool, thanks, worked after chmod -x.

But nothing happens, still normal 404 pages. Any idea what I did wrong?


This is the install log.

pihole@CIT-PIH-01:~$ sudo ./install.sh.1

To ensure compatibility, the system should be updated. Is this ok? [Y/n] y

The installer will now check for and install dependencies. Is this ok? [Y/n] y

[✓] git is installed.
[✓] php is installed.
[✓] php-curl is installed.
[✓] curl is installed.

We think that your webroot is /var/www/html/ and will install there. Is this ok? [Y/n] y
[i] Downloading PiPass files to your system.
Initialized empty Git repository in /var/www/html/.git/
Updating origin
remote: Enumerating objects: 95, done.
remote: Counting objects: 100% (95/95), done.
remote: Compressing objects: 100% (54/54), done.
remote: Total 2512 (delta 40), reused 76 (delta 29), pack-reused 2417
Receiving objects: 100% (2512/2512), 4.57 MiB | 7.43 MiB/s, done.
Resolving deltas: 100% (723/723), done.
From https://github.com/pipass/blockpage
 * [new branch] admin -> origin/admin
 * [new branch] master -> origin/master
 * [new tag] v1.3 -> v1.3
 * [new tag] v1.4 -> v1.4
From https://github.com/pipass/blockpage
 * branch master -> FETCH_HEAD
[✓] PiPass has been cloned to your webroot directory.
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 4 100 4 0 0 14 0 --:--:-- --:--:-- --:--:-- 14
[i] Checking out latest stable version 1.3.
Note: checking out 'tags/v1.3'.

You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.

If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:

git checkout -b

HEAD is now at a34f247 beta --> master - Update functionality (#2)
[✓] Latest stable version 1.3 checked out.
[i] We think that the php user is www-data, but this is just a guess. Please update the PHPUSER variable in this file if this is wrong.
www-data ALL=(ALL) NOPASSWD: /usr/local/bin/pihole -w *, /usr/local/bin/pihole -w -d *
[✓] sudoers line added successfully.
[i] Backed up lighttpd configuration to lighttpd.conf.pipass.bak.
[✓] Successfully modified lighttpd configuration for 404 redirects.
[i] Backed up Pi-Hole configuration to pihole-FTL.conf.pipass.bak.

To complete installation, pihole-FTL.service should be restarted. Is this ok? [Y/n] y
[i] Restarting pihole-FTL.service. This shouldn't take long.
[✓] Restarting DNS server
[✓] PiPass installation completed without significant errors.

@roenw
Member

roenw commented Nov 17, 2020

Is your Pi's webserver listening on port 443?

@MelvinRC
Author

Seems not... 😊

pihole@CIT-PIH-01:~$ ss
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
u_str ESTAB 0 0 /run/systemd/journal/stdout 12950 * 12949
u_str ESTAB 0 0 * 825180 * 0
u_str ESTAB 0 0 * 13365 * 13792
u_str ESTAB 0 0 /run/systemd/journal/stdout 15532 * 15531
u_str ESTAB 0 0 * 12949 * 12950
u_str ESTAB 0 0 * 13487 * 13488
u_str ESTAB 0 0 * 15531 * 15532
u_str ESTAB 0 0 * 12946 * 12947
u_str ESTAB 0 0 /run/systemd/journal/stdout 12198 * 11307
u_str ESTAB 0 0 * 13552 * 13553
u_str ESTAB 0 0 * 11307 * 12198
u_str ESTAB 0 0 /var/run/dbus/system_bus_socket 13792 * 13365
u_str ESTAB 0 0 * 13674 * 13675
u_str ESTAB 0 0 /run/systemd/journal/stdout 13675 * 13674
u_str ESTAB 0 0 /run/systemd/journal/stdout 13488 * 13487
u_str ESTAB 0 0 /var/run/dbus/system_bus_socket 14082 * 14081
u_str ESTAB 0 0 * 14081 * 14082
u_str ESTAB 0 0 /var/run/dbus/system_bus_socket 15963 * 15962
u_str ESTAB 0 0 * 15925 * 15926
u_str ESTAB 0 0 /run/systemd/journal/stdout 13553 * 13552
u_str ESTAB 0 0 * 13790 * 13791
u_str ESTAB 0 0 * 13791 * 13790
u_str ESTAB 0 0 /run/systemd/journal/stdout 12947 * 12946
u_str ESTAB 0 0 * 825217 * 825216
u_str ESTAB 0 0 * 825216 * 825217
u_str ESTAB 0 0 * 15702 * 15703
u_str ESTAB 0 0 * 699590 * 699591
u_str ESTAB 0 0 /run/systemd/journal/stdout 15703 * 15702
u_str ESTAB 0 0 * 699631 * 699632
u_str ESTAB 0 0 * 15962 * 15963
u_str ESTAB 0 0 /run/systemd/journal/stdout 699591 * 699590
u_str ESTAB 0 0 /var/run/dbus/system_bus_socket 699632 * 699631
u_str ESTAB 0 0 /run/systemd/journal/stdout 15926 * 15925
icmp6 UNCONN 0 0 *:ipv6-icmp :
tcp ESTAB 0 0 172.19.3.2:http 172.19.3.230:56483
tcp ESTAB 0 96 172.19.3.2:ssh 172.19.3.230:56710

I only ran the script, didn't do anything else. What did I miss?
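
Without `-l`, `ss` lists only connected sockets; listening sockets are shown by `ss -ltn`. The following is an added example (not part of the original thread or the PiPass project) that answers the port 443 question from that output. The function names are hypothetical and both sample outputs are constructed.

```shell
#!/bin/sh
# Added example: decide from `ss` output whether a TCP listener exists on a port.
# Live use on the Pi:  ss -ltn | listeners_on_port 443

# Print the local address of every LISTEN socket bound to port $1.
# Reads `ss -ltn`, `ss -tan` or `ss -tuln` style output on stdin.
listeners_on_port() {
    awk -v port="$1" '
        {
            for (i = 1; i <= NF; i++) {
                if ($i != "LISTEN") continue
                addr = $(i + 3)               # State Recv-Q Send-Q Local-Address:Port
                n = split(addr, part, ":")    # port follows the last colon ([::]:443 too)
                if (part[n] == port) print addr
            }
        }'
}

# Constructed sample: web server on 80 only (not captured output).
# The ESTAB line is an outbound connection *to* a remote 443 and must not count.
SAMPLE_HTTP_ONLY='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:80          0.0.0.0:*
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    127.0.0.1:8443      0.0.0.0:*
ESTAB  0      0      172.19.3.2:51234    203.0.113.10:443'

# Constructed sample: after the web server has been given a :443 socket.
SAMPLE_WITH_TLS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:80          0.0.0.0:*
LISTEN 0      128    0.0.0.0:443         0.0.0.0:*
LISTEN 0      128    [::]:443            [::]:*'

# $1 = label, $2 = ss output, $3 = port
report() {
    found=$(printf '%s\n' "$2" | listeners_on_port "$3")
    if [ -n "$found" ]; then
        echo "$1: port $3 listening on $(printf '%s\n' "$found" | paste -sd ',' -)"
    else
        echo "$1: nothing listening on port $3"
    fi
}

report "http only" "$SAMPLE_HTTP_ONLY" 443
report "with tls"  "$SAMPLE_WITH_TLS"  443
```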

@roenw
Member

roenw commented Nov 21, 2020

If you are using lighttpd, you should configure it to listen for connections on port 443 using either a self-signed certificate or one with your Pi's fully qualified domain name. That way, if a request comes with HTTPS prepended, it will hit lighttpd and should forward it to the PiPass blockpage.

Note that for websites with a cached HSTS header, you will not be able to load the page and will not be able to manually bypass the certificate error.
