Does it actually make sense to health check this backend server? Since this is an external service, I’m wondering if there are any benefits at all, or if you are just hammering an external service, maybe even get your IP address banned, all for nothing.
Since you are not using standard health check, but a specific configuration with http-check connect, I think the sni value for health checking needs to be configured there.
So remove check-sni and change the http-check configuration to:
http-check connect ssl port 443 sni fallback.provider.com
FYI: if you are trying to hide the destination hostname, don’t post the complete public certificate of it, because it will also contain that hostname.