Excellent, thank you for the detail. I can fumble my way around Linux but def not 'good' at it, so this will help!
Btw, I'm doing all Internet traffic as HTTPS into Reverse Proxy. I had this all working fine with the Let's Encrypt cert for 2 years... then the cert expired and I could not get it to renew or create a new one, even with the ASUS & Syno firewalls disabled and ports 80 & 443 100% open. Wish Let's Encrypt would allow us to create a cert easily online instead of relying on Syno's garbage or needing to know how to run Linux scripts.