This is the kind of things a reverse proxy is used for. NGINX for example (it’s what I use).
NGINX is the only thing that looks at the certificate. And I only have to forward a single port to my router.
From there, NGINX redirects traffic to the correct destination for me. In my case, it redirects all traffic to my Home Assistant webpage on port 8123. This redirection can be to any place you want. And it can be multiple places as you configure it based on the incomming url.
So you could have one location point to your HA instance. And another location point to some other webserver on your network. And those web servers don’t have to do their own SSL stuff!
This also means that my local home assistant is running without encryption on the LAN only. This is super useful as there are tons of things you might have that cannot connect with a SSL certificate. And even if they do, there is a lot of cpu overhead associated with doing that.
I would recommend looking into a reverse proxy and getting it set up.