Nevermind… i just tested:
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName www.(MYDOMAIN)
ProxyPreserveHost On
DocumentRoot /var/www/html
ProxyPass /.well-known !
ProxyPass / http://192.168.2.31:80/ flushpackets=on
ProxyPassReverse / http://192.168.2.31:80/
LimitRequestBody 0
RequestHeader set X-Forwarded-SSL "1"
RequestHeader set X-Forwarded-Proto "https" env=HTTPS
<IfModule mod_headers.c>
RewriteEngine On
Header always set Strict-Transport-Security "max-age=15768000; preload"
Redirect 301 /.well-known/carddav https://www.(MYDOMAIN)/remote.php/dav
Redirect 301 /.well-known/caldav https://www.(MYDOMAIN)/remote.php/dav
Redirect 301 /.well-known/webfinger https://www.(MYDOMAIN)/index.php/.well-known/webfinger
Redirect 301 /.well-known/nodeinfo https://www.(MYDOMAIN)/index.php/.well-known/nodeinfo
</IfModule>
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/(MYDOMAIN)-0003/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/(MYDOMAIN)-0003/privkey.pem
</VirtualHost>
</IfModule>
this is working too… I was wondering before but just accepted it as “works - don’t touch it”… So it was just the headers i needed…