Can't set up Captive Portal

[Timonator]

I am running OPNsense 25.1.9.

I am using APs to that move users that log into the guest SSID to VLAN33. This VLAN has it's own interface in OPNsense.

I've set up the entire voucher system etc. But couldn't get the captive page to load up once connected to the guest network.
If I would manually go to <ip router>:8000, the login page opens up and I can login with voucher details. This would just not pop-up automatically (tried on different devices)

Now I've read this could be due to not having HTTPS encryption enabled. So I went on to get ACME running with signed certs. But as soon as I try to reach the captive portal manually, it is just not accessible. (both on the restricted VLAN and main network)

I've also tried using DHCP option 114 in the Guest DHCP server settings. As this is supposed to trigger there is a captive portal once you log on to the network.
option = 114
type = text
value = https://router.domain.com:8000

As a side note, I am using pihole as the DNS server, which has a local record pointing router.domain.com to the <ip-router>. There is a rule in the firewall for VLAN33 that it will also allow DNS traffic to <ip-pihole> with port 53. I've tested this with disabling the captive portal and this works.

So question mainly is:
Why does the captive portal not work, once I use HTTPS and signed certs?
Why does a network logon not push me to the captive portal?

I guess I can live with the fact SSL not works, but I kind of want guests to be redirected to the captive portal automatically.