Ok, finally found the log, and combed it over pretty good, here is a section that stands out as clues, hoping this adds a bit more detail. First thing I notice it is failing to validate the cert on the webmail node, also looks like an error for the reverseproxy.
Here is what I have:
Dec 17 17:32:27 caddy caddy[182]: {"level":"error","ts":1639762347.6534753,"logger":"http.log.error","msg":"x509: cannot validate certificate for 192.168.1.230 because it doesn't contain any IP SANs","request":{"remote_addr":"x.x.147.194:55370","proto":"HTTP/2.0","method":"GET","host":"mail.example.com","uri":"/","headers":{"Accept-Encoding":["br, gzip, deflate"],"Sec-Ch-Ua":["\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"96\", \"Google Chrome\";v=\"96\""],"Sec-Ch-Ua-Mobile":["?0"],"Sec-Ch-Ua-Platform":["\"Windows\""],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],"Sec-Fetch-Site":["none"],"Accept-Language":["en-US,en;q=0.9"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Sec-Fetch-Dest":["document"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","proto_mutual":true,"server_name":"mail.example.com"}},"duration":0.038544006,"status":502,"err_id":"i4thwmwve","err_trace":"reverseproxy.statusError (reverseproxy.go:886)"}
192.168.1.230 is the webmail node that I can not get to load. Will keep plugging away at it, just wanted to share some of the log.
Thanks!