Yes your summary is correct. Keep in mind if you create a new website you won’t need to modify .htaccess because the virtual host settings can connect using HTTPS if selected.
It is best to check with the CA vendor when using subdomains as their services vary. For example
Let’s Encrypt supports
sub domains but some vendors do not.
The
Synology knowledge base has good info on creating a CSR for domains and subdomains using DSM.
Regarding adding the HTTPS htaccess entry, this is useful for visitors that may have book marked your site. Browsers store the URL info and switching from http to https or https to http can cause issues. The 301 in the command line let’s browsers know the change you’re making is permanent.