So after a lot of fidgeting I got my synology apps and some docker applications wan-accessible through subdomains (on a cloudflare domain) with ACME/haproxy/unboundDNS in Opnsense. It worked both from lan and wan initially, but recently I discovered that now it only works from wan. Changes I' ve made recently are DNS through PiHole instance (proxmox) which I have already reverted back to the IP of the router, and a couple of Opnsense updates.
To anyones knowledge: could my (quite possibly imperfect) setup now be failing because of recent Opnsense changes?
Do all your subdomains resolve properly to the OPNsense interface, which HAproxy is listening on?
Best to have to internal DNS overrides for the domains. So they are resolved to the WAN address. This assumes, that you have your public address assigned to OPNsense, however.