Hi, if I may, I think the suggestion from Lukas is the correct one.
You should define 2 target groups:
- http_tg, on port 80
- https_tg, on port 443
They can (and should) target the same autoscaling group.
That way, the ssl traffic will correctly be sent to the ssl port on haproxy. (I guess you are only forwarding traffic to TCP/80 with you current setup).