When there is no SNI match the default certificate will be served. You are pointing haproxy to a directory so the default certificate is probably the one that comes first alphabetically.
If you want a different default cert, specify it manually before.
bind *:443 ssl crt /etc/ssl/private/default.pem crt /etc/ssl/private/
You can instruct haproxy to abort the SSL connection in this case, by setting strict-sni:
bind *:443 ssl crt /etc/ssl/private/ strict-sni