cannot access https://domain:10000 error ERR_SSL_VERSION_OR_CIPHER_MISMATCH

I think I have royally screwed something up. After fiddling with letsencrypt, doing it through certbot CLI, I managed to have my sites working properly with https.

I started seeing how confusing this started getting because letsencrypt uses a different directory to store the certs, virtualmin puts them somewhere and dovecot puts them somewhere etc., urgh
I do not recall doing any edits out of the ordinary but I’m sure I touched something. A couple of days later dovecot started complaining (I could not get mail) with error:
imap-login: Fatal: Couldn’t parse private ssl_key: error:0906D06C:PEM routines:PEM_read_bio:no start line: Expecting: ANY PRIVATE KEY

I was mobile that day and never even touched the server. So I started troubleshooting, I even tried under Manage SSL Certificates and Copy to Dovecot. This made things worse with error:
imap-login: Fatal: Can’t load private ssl_key: Key is for a different cert than ssl_cert

Now I could not even check email with roundcube and dovecot was not responding when trying to restart. I rebooted the server and now I cannot access virtualmin from my primary domain, getting error:
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
I can access it from some other domains, but not all of them. Several domains give the browser error above, but from other domains I can get into virtualmin.

I don’t even know where to start anymore…

Can I just regenerate the ssl for virtualmin? I also wanted to do this for the dovecot self-signed certificates…

So I have managed to fix the dovecot problem by generating a new cert and key to /etc/pki/dovecot/certs, which is where /etc/dovecot/conf.d/10-ssl.conf is looking. My problem was /etc/dovecot/dovecot.conf had for a couple of my domains:
!include_try local.conf
local_name domain.ca {
    ssl_cert = </home/domain/ssl.cert
    ssl_key = </home/domain/ssl.key
}
local_name www.domain.ca {
    ssl_cert = </home/domain/ssl.cert
    ssl_key = </home/domain/ssl.key
}

This was being read after the 10-ssl.conf, which my primary domain had bad *.cert and *.key. I managed to use virtualmin and generate new *.cert and *.key for my prime domain, which added stuff to httpd.conf that I had to change back to letsencrypt path.

Once I fixed all that I still get the error when trying to browse to https://domain.ca:10000/ = ERR_SSL_VERSION_OR_CIPHER_MISMATCH. Again I can still access virtualmin from another domain on the same server but not all domains work. Any idea what I am missing to have this work for my prime domain?
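
The two dovecot errors quoted above are distinct failures: a key file with no PEM private-key header, and a key that belongs to a different certificate. As an added example (not part of the original post), the script below walks a dovecot config and classifies every ssl_cert/ssl_key pair with openssl; the function names are hypothetical, and it assumes ssl_cert comes before ssl_key in each block, as in the config shown.

```shell
#!/bin/sh
# Added example: audit ssl_cert/ssl_key pairs referenced by a dovecot config.

# Read a PEM public key on stdin, print the SHA-256 of its DER encoding.
pub_fingerprint() {
    openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256 | awk '{print $NF}'
}

# check_pair CERT KEY -> prints match | mismatch | bad-key | bad-cert
check_pair() {
    cert=$1; key=$2
    # No "-----BEGIN ... PRIVATE KEY-----" line is what dovecot reports as
    # "no start line: Expecting: ANY PRIVATE KEY".
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" 2>/dev/null || { echo bad-key; return 0; }
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || { echo bad-cert; return 0; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || { echo bad-key; return 0; }
    a=$(printf '%s\n' "$cert_pub" | pub_fingerprint)
    b=$(printf '%s\n' "$key_pub" | pub_fingerprint)
    # Different public keys are what dovecot reports as
    # "Key is for a different cert than ssl_cert".
    if [ "$a" = "$b" ]; then echo match; else echo mismatch; fi
}

# audit_dovecot CONF -> one "<local_name|default> <status>" line per pair.
# Does not follow !include lines; run it on each included file separately.
audit_dovecot() {
    awk '
      $1 == "local_name" { name = $2 }
      $1 == "}"          { name = "" }
      /^[[:space:]]*ssl_cert[[:space:]]*=/ { sub(/^[^<]*</, ""); cert = $0 }
      /^[[:space:]]*ssl_key[[:space:]]*=/  {
          sub(/^[^<]*</, "")
          n = (name != "") ? name : "default"
          print n, cert, $0
          cert = ""
      }
    ' "$1" | while read -r name cert key; do
        echo "$name $(check_pair "$cert" "$key")"
    done
}

# Stand-alone use: sh audit.sh /etc/dovecot/dovecot.conf
if [ "$#" -eq 1 ]; then
    audit_dovecot "$1"
fi
```

Any line that is not `match` points at the file pair to regenerate or re-copy; `check_pair` can also be run directly on the certificate and key paths configured for any other TLS service on the host.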