On the whole Caddy/TLS bit: Did I miss something or wouldn't he also have to purchase a domain for the admin interface? (And then setup pihole such that the domain is resolved to the pihole server itself inside the LAN).
Of course it might be that he already had a personal domain available from some other project, that he could use.
But actually buying a domain just so your raspberry pi can use https seems like the ultimate overengeneering.
You're correct, but you can see he already has a personal domain hosting his blog: ben.balter.com. He probably just pointed another subdomain at the pihole e.g. pihole.balter.com. That's what I did with my piholes and other internal web apps on my home network.
Of course it might be that he already had a personal domain available from some other project, that he could use.
But actually buying a domain just so your raspberry pi can use https seems like the ultimate overengeneering.