Let's Encrypt SSL on specific port(s)


I was finally able to get Forgejo (port 3000) (specific port) to redirect to HTTPS with Let's Encrypt SSL.

I created a normal subdomain on the normal 80/443 ports with an LE SSL certificate generated. Then, in the Forgejo app.ini file (/etc/forgejo/app.ini), I added this under [server]:

    [server]
    ENABLE_ACME = enable
    HTTPS_PORT = 3000 ssl
    ROOT_URL = https://git.domain.tld

Then under nginx.conf ($HESTIADATA\conf\web\git.domain.tld\nginx.conf) I added

location / {
  client_max_body_size 4096M;
  proxy_pass http://localhost:3000;
  proxy_set_header Connection $http_connection;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
}

Then under apache2.conf ($HESTIADATA\conf\web\git.domain.tld\apache2.conf) I added

    ProxyPreserveHost On
    ProxyRequests off
    AllowEncodedSlashes NoDecode
    ProxyPass / http://localhost:3000/ nocanon

Then under apache2.ssl.conf ($HESTIADATA\conf\web\git.domain.tld\apache2.ssl.conf) I added

    < VirtualHost git.domain.tld:8443 https >

    ProxyPreserveHost On
    ProxyRequests off
    AllowEncodedSlashes NoDecode
    ProxyPass / http://localhost:3000/ nocanon

I also enabled the following to ensure the proxy works:

    a2enmod proxy
    a2enmod proxy_http
    a2enmod proxy_balancer
    a2enmod proxy_wstunnel
    systemctl restart apache2
    systemctl restart nginx
    systemctl start forgejo.service

I got help from these: Apache SSL Long Record Error || Let's Encrypt SSL Certificate || Gitea Reverse Proxy - Apache HTTPD || Gitea Reverse Proxy - General Conf || Gitea Reverse Proxy - NGINX || HestiaCP Post || Reddit Post
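
An added example, not part of the original post and not Forgejo or HestiaCP code: a Python check that the Forgejo `[server]` settings agree with the nginx `proxy_pass` line, and that the plain-HTTP port 3000 is bound to loopback so clients cannot reach it without going through the TLS proxy. `PROTOCOL`, `HTTP_ADDR` and `HTTP_PORT` are Forgejo `[server]` keys the post does not show; the fallback values in the code are assumed defaults, and the sample configs are constructed.

```python
import configparser
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample inputs (not the poster's real files).
SAMPLE_NGINX = "location / {\n  proxy_pass http://localhost:3000;\n}\n"
SAMPLE_APP_INI = """APP_NAME = Forgejo
[server]
HTTP_ADDR = 127.0.0.1
HTTP_PORT = 3000
ROOT_URL = https://git.domain.tld/
"""

def is_loopback(addr):
    """True for 'localhost' or a loopback IP literal such as 127.0.0.1 or ::1."""
    try:
        return addr == "localhost" or ipaddress.ip_address(addr).is_loopback
    except ValueError:  # a hostname other than localhost
        return False

def audit_proxy(app_ini, nginx_conf, public_host):
    """Return a list of findings; an empty list means the two configs agree."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep the upper-case key names
    # app.ini has keys before its first section; give them a dummy header.
    cp.read_string("[__top__]\n" + app_ini)
    srv = cp["server"] if cp.has_section("server") else {}
    m = re.search(r"^\s*proxy_pass\s+([^;\s]+)\s*;", nginx_conf, re.M)
    if not m:
        return ["nginx: no proxy_pass directive found"]
    up = urlsplit(m.group(1))
    # Fallbacks below are assumed defaults for an unset key.
    proto = srv.get("PROTOCOL", "http")
    port = int(srv.get("HTTP_PORT", "3000"))
    addr = srv.get("HTTP_ADDR", "0.0.0.0")
    root = urlsplit(srv.get("ROOT_URL", ""))
    findings = []
    if up.scheme != proto:  # e.g. plain HTTP sent to a TLS listener
        findings.append(f"scheme: proxy_pass is {up.scheme}, PROTOCOL is {proto}")
    if (up.port or (443 if up.scheme == "https" else 80)) != port:
        findings.append(f"port: proxy_pass is {up.port}, HTTP_PORT is {port}")
    if not is_loopback(addr):  # backend reachable without the TLS proxy
        findings.append(f"exposure: HTTP_ADDR {addr} serves port {port} to remote hosts")
    if root.scheme != "https" or root.hostname != public_host:
        findings.append(f"root_url: ROOT_URL should be https://{public_host}/")
    return findings

if __name__ == "__main__":
    print(audit_proxy(SAMPLE_APP_INI, SAMPLE_NGINX, "git.domain.tld") or "OK")
```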