OK, this is an old trick shown to me by Tony Keane many moons ago.
When you create a normal oodoo.yourdomain.com it uses the server-manager settings for yourdomain.com and it is just another host at yourdomain.com and treated accordingly, so as you have discovered, so you can't easily get past the server-manager.
So what we need is a host with it's own virtual host settings. But we can't do one host so we cheat and make a DOMAIN, with the name of the required host. And that is enough to fool the system....
We create a 'fakedomain'
In your server-manager add a new domain like oodoo.yourdomain.com (yes, literally a DOMAIN called that)
SME will create you a load of hosts such as:
www.oodoo.yourdomain.comftp.oodoo.yourdomain.com
etc.
You can remove all bar one if required (I just leave servername.oodoo.yourdomain.com)
Now when you update your httpd.conf you should find a completely separate virtualhost called oodoo.domain.com
For Letsencrypt make sure you have a DNS record for oodoo.domain.com - your virtual host should see that 'domain' and point it to the normal .well-known directory
So for instance I wanted rocketchat with a reverse proxy.
I created a new domain called chat.mydomain.com
It just has one host called myserver.chat.mydomain.com
If you have set the template path correctly as per the rocketchat stuff, you will get a completely separate virtual host like this:
<VirtualHost 0.0.0.0:80>
ServerName chat.mydomain.com
ServerAlias
Blah - no server-manager stuff, just your virtualhost templates
</VirtualHost>
<VirtualHost 0.0.0.0:443>
ServerName chat.mydomain.com
ServerAlias
Blah - no server-manager stuff, just your virtualhost templates
</VirtualHost>
So, it's a cheat, but it works.
As far as my users are concerned they go to chat.mydomain.com and they are happy