Pfsense, haproxy, LE and wildcerts

Hello,

Great work on all tutorials, I enjoy them and they teach me a lot.

I followed the haproxy wildcert tutorial and it works great on almost all my VMs and LXContainers.
The problem I have is:

I go to my internal “mysql.contoso-com” and the webpage comes up (secure woohoo).
However, this is just a landing page with 3 buttons.
Each button goes to a service itself that lies on the same VM/Container but with another port.
So I go to mysql.contoso.com, click on a button and it wants to go to "mysql.contoso-com:12321
Other button is the same but other port, “mysql.contoso-com:12322” etc.
When clicking a button, it just times out.

If I go via IP it is unsecure, but works.

I have tried to do this with ACL and/or actions, but the only thing working is if I add another hostname, webmin.contoso.com with its own backend along with ACLs/Actions. Which beats the purpose with the landing page.

I’ll gladly take any pointers!