I’ve been racking my brain the whole afternoon trying to figure out why, when I try to access my Pihole over the Web GUI, I’m suddenly met with a SEC_ERROR_UNKNOWN_ISSUER error.

My setup:

  • Nginx (SWAG) runs on my server and routes all apps on the server, plus two separate devices (Unifi and Pihole)
  • Pihole runs on a Raspi with a fixed IP
  • Nginx conf points to Pihole’s IP on port 80 over http protocol.

This worked perfectly fine until several days ago (well, that’s when I noticed the issue). Now whenever I try to access Pihole over its FQDN (https://pihole.my.domain/), I get the above error. The reason is mismatched certs, i.e. my browser fetches Pihole’s self-signed cert and doesn’t see my domain’s cert at all. However, this shouldn’t be happening at all. Nginx conf points to Pihole’s port 80, not port 443. To further confirm this, I temporarily disabled port 443 on the Pihole and only served on port 80, which made Pihole web inaccessible over Nginx. I thought maybe Unifi is the culprit, but I can still reach the Web GUI over http://pihole.my.domain/ and http://pihole-ip/ through my browser. I have several other apps on the server that use port 80, and Nginx has no issue routing them.

Does anyone have any idea what might be happening here?

  • AbsolutelyClawless@piefed.social (OP), 4 hours ago

    The bizarre thing is I already had it set up in a way it shouldn’t have hijacked it. Worked perfectly fine for a long time. Evil DNS forces at it again!