And that is the issue. If you want SNI routing you need exact certificates, you cannot have the same backend, because the browser will use existing SSL sessions to speak to all domains covered by the certificate, however the SNI routing only works with the client_hello, before the SSL handshake.
So what happens is that when you start the browser and request remote.domain.dk, it will work. But when you open rdsgw.domain.dk, you browser will reuse the existing SSL session, which is connected to the remote.domain.dk backend.
Either use non-overlapping certificates or terminate SSL on haproxy and use the Host header in the HTTP Protocol to select the correct backend. This won’t work with protocols other than HTTP though.