
GregMiller
Resolved
0 votes
I purchased ProxyPass the other day assuming it was a front end for Nginx. My goal is to use it to consolidate multiple servers behind the firewall and have it provide SSL with the cert from Let's Encrypt. The servers behind the firewall are not running SSL. The documentation amounts to little more than a tooltip. I think that I may need SSL on the web servers but would like the ins and outs. Can the web server run without SSL? If it needs SSL, can the cert be self-signed? Does it get passed right through ProxyPass?

Thanks in advance.

Greg
Saturday, March 09 2019, 04:37 PM
Responses (6)
  • Accepted Answer

    Tuesday, April 30 2019, 03:19 PM - #Permalink
    Resolved
    0 votes
    Wowsers! After a lot of head scratching, I've actually got the thing working with LetsEncrypt, and two separate servers (different hardware). There is one anomaly though.
    Ok to begin.

    Let's Encrypt first; installed and set up a certificate on the ProxyPass host (the web server here has to be running).

    Site one:
    Virtual Host: URL of my mail server as seen in the outside world.
    Alias: Empty(!)
    Enabled (obviously)
    Protocol: Both (this is that anomaly I'll get to later)
    Redirect: Yes (as I want both http & https to end up as https - again, see later)
    Target: I used the IP address of the target server as it's a static address, but you could use the DNS entry.
    Target path: Empty as web access is via webaccess/webapp, but the iPhone (via Zarafa plugin) goes via a different path. Could define your preference though.
    Certificate: LetsEncrypt certificate setup earlier.
    Validate SSL etc: I've got this disabled as the target server is completely under my control and so I don't need to validate the self-signed certificate on the target. I personally think this is here if the target server is located outside the immediate LAN. If you enable the option (with a self-sign), you seem to end up with a 500 and "error during SSL Handshake with remote server".

    Site two: is similar, but on a different server (my file server hosting NextCloud)

    The ProxyPass server passes the URL from the outside (or the local LAN) over to the target hardware where it's serviced, all this using the one LetsEncrypt certificate held at the front end. I've tested the connection via NextCloud client and a browser (to the mail server) from a machine on the LAN, and from an iPhone (webmail, mail account and NextCloud client) via mobile data and they all work.

    Now the anomaly: I initially set the protocol option for the mail server to 'https', expecting the http connection to be blocked; it wasn't - it ended up on the hosting web server default website. Oddly though, the Nextcloud instantiation, with the same settings, ended up on the Nextcloud web access - couldn't explain that. The only way to fix it was to select 'both' and redirect to https. If you select http, you end up with a 'might not work' warning, but when I tried it, there didn't seem to be a problem. Be that as it may, it makes more sense to force https anyway.

    Hope that all helps.
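
The settings in the post above, written out as a reverse-proxy configuration; this is an added example, not part of the original post and not the configuration the ProxyPass app generates. It assumes the app drives Apache httpd's mod_proxy (the quoted "error during SSL Handshake with remote server" is that module's message), and every host name, address and file path in it is a placeholder.

```apache
# Constructed example: host names, the address and all file paths are placeholders.

# Port 80. If no virtual host on this port matches the requested name, Apache
# answers from its default site, so an HTTPS-only entry does not block plain
# HTTP. A matching port-80 host that redirects closes that gap.
<VirtualHost *:80>
    ServerName mail.example.com
    Redirect permanent / https://mail.example.com/
</VirtualHost>

# Port 443. TLS from clients ends here, using the publicly trusted certificate
# held on the front end. The connection to the target is a second, separate one.
<VirtualHost *:443>
    ServerName mail.example.com
    SSLEngine on
    SSLCertificateFile    /path/to/letsencrypt/fullchain.pem
    SSLCertificateKeyFile /path/to/letsencrypt/privkey.pem

    SSLProxyEngine on

    # Variant A: target validation disabled. The hop to the target is
    # encrypted, but the proxy accepts any certificate presented on that address.
    SSLProxyVerify none
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerExpire off
    ProxyPass        / https://10.0.0.10/
    ProxyPassReverse / https://10.0.0.10/

    # Variant B: target validation enabled with a self-signed certificate.
    # Trust exactly that certificate and address the target by a name that the
    # certificate contains; without both, the handshake fails with a 500.
    # SSLProxyCACertificateFile /path/to/target-selfsigned.pem
    # SSLProxyVerify require
    # SSLProxyCheckPeerName on
    # SSLProxyCheckPeerExpire on
    # ProxyPass        / https://mail.lan.example/
    # ProxyPassReverse / https://mail.lan.example/
</VirtualHost>
```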
  • Accepted Answer

    Monday, March 25 2019, 11:11 AM - #Permalink
    Resolved
    0 votes
    I have knocked up some basic app documentation at https://www.clearos.com/resources/documentation/clearos/content:en_us:7_ug_proxypass. Please can you review it and add any comments. It is based on a bit of testing and some observations. I only have the app working for subdomains (e.g. subdomain.domain.com) and not for paths such as domain.com/subdomain, but this is probably intentional.

    I have not tested http -> https redirects or the extra box, "Validate SSL connection to target", which sometimes appears.
  • Accepted Answer

    Saturday, March 23 2019, 08:44 PM - #Permalink
    Resolved
    0 votes
    Hi Greg

    I normally just use the ProxyPass for "Sub-Domains" but it should work with separate Domains as well.
    In the Webserver App I only have a Default Site set up and do everything else with ProxyPass as I have things split up on various servers.
    I am attaching a screenshot on how I usually set it up to use a SubDomain from another internal Server running on Port 80.

    Hope it helps


    Edit:
    I think I can see where you are going wrong... The Alias should be a URL (hence why I use SubDomains that I set up with my Domain Provider)
  • Accepted Answer

    GregMiller
    Saturday, March 23 2019, 08:18 PM - #Permalink
    Resolved
    0 votes
    I don't know why I am having such difficulty. I have set up Apache and Nginx in the past. I must be missing something.

    I have allowed port 80 and 443 in the incoming firewall settings. I added a virtual server to ProxyPass as follows:

    Virtual host: home.[mydomain].ca
    Alias: /ha
    Enabled: Enabled
    Protocol: HTTP
    Target server: internal_ip:port
    Target path: left blank
    Validate SSL on connection to target: Disabled

    I also have the web server installed as I assumed it was needed for some reason. They both point to the same domain; could that be the issue? Do they conflict or work together?

    I also tried another domain name that points to the ClearOS WAN IP and get a 404 error with the web server turned on and a "can not connect.." error with the web server turned off.

    Any assistance is greatly appreciated.

    Greg
  • Accepted Answer

    Saturday, March 09 2019, 09:14 PM - #Permalink
    Resolved
    0 votes
    I'd be happy to update the documentation, if you'd like to help. I don't have the app, but I can get hold of it.
  • Accepted Answer

    Saturday, March 09 2019, 05:10 PM - #Permalink
    Resolved
    0 votes
    Hi Greg

    Yes, you can use ProxyPass with or without SSL to forward external requests to internal webservers and the chosen SSL certificate does indeed get passed on. I use it for a couple of Servers and use Let's Encrypt Certs as well.
    It's not that hard to configure and you should get the hang of it in about 10 to 15 minutes. Haven't tried it with multiple domains though, but with Subdomains pointing to different internal servers it works just fine, so I guess it would work with TLDs as well.

    Things to remember when setting it up:

    Target server: Depending on which Protocol you choose (http/https or both) you enter the corresponding http://internal-serverip or https://internal-serverip
    Target path: If you want to simply point it to the internal servers main root folder you can leave it empty otherwise /foldername

    The rest should be self-explanatory.

    Hope this helps you out, otherwise don't hesitate to ask.