problem with ssl-upstream and vpn interface about unbound HOT 2 OPEN

For the ssl-upstream setup, the config is wrong:
ssl-service-key: "/etc/ssl/certs/ca-certificates.crt"
This should be the private key, and ssl-service-pem the public key, of your tls service (for downstream TLS, by the way, not upstream).
The ca certificates go into an option called tls-cert-bundle, which was introduced in version 1.7.1 I think, so 1.6.0 is not going to work. For the upstream connection itself, you have to also specify where it goes, I mean, like the forward-addr destination. Here is a configuration example for tls upstream, in the 1.7.1 release anouncement. https://nlnetlabs.nl/news/2018/May/03/unbound-1.7.1-released/

from unbound.

about the vpn part of the quesiton,
it seems that my vpn is hijacking all dns queries besides those sent through some port.
How would I specify port 1400 udp and 1401 tcp for example? maybe I can't specify the protocol ?

EDIT: no need to contraint unbound to certain port, I had to connect to the vpn server to a specific port to apparently not having that system put in place by the vpn provider(absurd IMO). so for the vpn part it is resolved, there is still the problem with the ssl-upstream, I suppose I didn't configure that correctly? but checkconf didn't notice me of any errors.

from unbound.