No port-forwarding needed in a local network. You have the template set to ‘HTTPS’ while having an IP address in the ‘Internal’ field. For HTTPS you must provide a FQDN e.g. ‘yourserver.network.com’. This FQDN needs to match with the hostname in the certificate.
Keep in mind that internally the domain name will have to resolve the local IP address.
To be more specific your phones need to be able to resolve that FQDN to the internal address. So changing the hosts file on your PBX will not allow your phones to resolve it. You’d need to have a DNS server on your network that the phones resolve names from that has this entry inside of it so that all clients resolve the name to the internal IP.