Hello–
Oh, okay, that is totally expected.
Method 1:
All you did was point DNS for the hostname to the server. The hostname does not have a corresponding vhost or index file. You pointed the domain, but there isn’t actually a website.
The SSL created under Server> SSL certificates for the hostname ONLY covers port 2443. --it is creating a SSL cert for the Internal Apache instance to use for the hostname.
When you access https://hostname.com, you are accessing the hostname over port 443, using the system-level Apache version.
So Apache sees the request for hostname.com over 443 on IP address 123.45.67.
Apache looks for a vhost matching hostname.com over 443 on IP address 123.45.67. It doesn’t see one.
But it knows you want something from the server over 443 for that IP address, so it looks at the first vhost, alphabetically, on the server, that has a 443 section, and serves that, instead.
It’s basically this, but with the hostname instead of another SiteWorx account: Wrong Website Showing Over HTTPS — InterWorx documentation
If there weren’t any SiteWorx accounts on the server, or there were no vhosts with a 443 section for 123.45.67, Apache would then look at /var/www/html for an index file to serve. If it didn’t see anything there, it would give a 403, or serve the generic Alma or Rocky Linux welcome page, however your server is set up. (this: 403 Forbidden Error or OS-Specific Apache Page Showing Over HTTPS — InterWorx documentation)
When you specify using port 2443 for hostname.com in the url, that shows as all good because port 2443 is the internal Apache instance for InterWorx. That has an SSL cert that covers it for the hostname.
Method 2:
Since the hostname was created as a SiteWorx account, it DOES have a corresponding vhost, as well as an index file. It is both a domain that is pointed to the server AND a website.
And, since you created its SSL cert in SiteWorx, the vhost also has a 443 section.
So when you go to https://hostname.com, the server-level Apache instance looks for a vhost matching hostname.com over 123.45.76 with a 443 section. It sees this, so it serves hostname.com over 443 with the corresponding SSL cert, using the index file in the homedir of the SiteWorx account.
Since you then applied the domain-level SSL cert to the system services, that same SSL cert ALSO now covers port 2443. So when you access hostname.com:2443, the internal Apache instance can also see it.
So the difference really all just comes down to, do you want hostname.com to be a website, with a vhost and index file, OR do you want hostname.com to just be a domain that resolves to the server.
Hopefully that explaination makes sense. Let me know if it doesn’t–SNI is weird, lol. 
re Webmail, that has its own proxy set up, so that it basically automatically does the redirect from siteworxdomain.com/webmail to hostname.com:2443/webmail, just a different way.
Thanks,
-Jenna