HTTPS not working, but HTTP working fine. I'm at a loss!

[FlamboyantOrangutan]

Hi, an eternal noob here, TIA for the help.

I recently set up a xpenology with ARPL and DSM 7.2, everything seems to be working so far.

I want to have access to this while I'm outside so I looked up on how to achieve this. I figured I needed to purchase a domain name for easy access, and then an SSL certificate for security reasons because HTTPS is said to be secure-r. I'm not sure how.

I don't have *any* knowledge on network security (or network anything) so I'm figuring out as I go. I'm not sure what I did and if they were correct, but things are working. I honestly don't know how and why they are working at this point.

Here's what I did:

1. I purchased an SSL cert. from "comodo".

2. I purchased a domain name from "namecheap".

3. I added SSL cert. to the domain name and registered it.

4. I pointed my Xpenology's external IP address to Namecheap's CNAME record.

5. I added port-forwarding rule to my router, opening only the ports that I require.

6. HTTP access to my registered domain name is now working!! but HTTPS is "connection_refused".

My end goal is to have something like ("photo.myDomainName.com" and "plex.myDomainName.com") so I can use each application as they are, but I think I should have bought "wildcards" domain and they are way more expensive for such a personal use.

At certain point I was reading google, I realised people were having a lot of trouble with Namecheap domain and Synology DDNS, requiring a separate webserver pointing to a php that is pointing to a CNAME record. I don't understand any of this (or even what a CNAME is), but mine worked without this workaround. I hope my work isn't insecure or I did something wrong by not applying the guide.

Sorry about the rambling! I'm still figuring this out tinkering here and there. If anybody has any advise on any of the things that I mentioned, please please let me know!!

Also, I need advise on security! I set up 2FA on my one account that I have (with admin privilege) and a firewall disconnecting anyone connecting from outside my country. any other specific action I should take? I'm already getting a lot of emails that people from Russia(?) are trying to connect to my NAS and failing??

Thank you!!!