You should set up HOSTNAME (public domain like host.mydomain.com) for server remote access. Other hostnames for mail servers like smtp, pop, imap, ftp should be configured like the same. Make sure to updated DNS for all registered host and instance names.
WHM/Cpanel creates default self-signed ssl, this ssl never works. You should purchase Trusted CA certificate for hostname you’ll use to access server on remote like host.mydomain.com. As per CAB forum guideline, no CA will provide you ssl for IP address.
Conclusion:
Set up server remote access hostname > purchase SSL for public domain hostnames.
It should work fine like :
https://host.abcdomain.com/whm
https://host.abcdomain.com:2087
https://host.abcdomain.com/cpanel
If you need to configure a single host name on ssl, you should purchase single domain ssl.
If you need ssl for host, pop, ftp, smtp and more, you should purchase wildcard ssl certificate.