Certbot issues

Hello, I have two webservers which I subdomain, they are also on two different VMs.

I am struggling to work Wazuh with Cloudflare. (The Cloudflare client is also on a different VM.)

I installed certbot on the Wazuh server, but I am still unable to get a secure connection with my Wazuh server.

I have made tunnels in Zero Trust (wazuh.website.com).
I feel like I am missing something painfully obvious.

I have followed the instructions using

However, if I don't turn on No-TLS, it gets a 503 bad gateway.

What am I doing wrong here?