Not logging connections with letencrypt

We have two configurations using haproxy:

  1. Production: With SSL cert on AWS NLB. Haproxy binds to port 80. Logging is working fine, for example:
Jul 14 09:41:04 localhost haproxy[996]: [14/Jul/2021:09:41:04.423] node_gateway api_gateway/ccpsa1 80/0/1/204/285 201 604 - - ---- 4/4/0/1/0 0/0 "POST /capi/v2/users/_get_invoice HTTP/1.1"
  1. Staging: Using letsencrypt cert with haproxy bound to port 443. See below. This configuration logs service starts and stops, but connections don’t get logged. Any idea what I am doing wrong?
cat /etc/haproxy/haproxy.cfg
        log       local0
        #log /dev/log   local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        user haproxy
        group haproxy

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # Default ciphers to use on SSL-enabled listening sockets.
        # For more information, see ciphers(1SSL). This list is from:
        ssl-default-bind-options no-sslv3
        maxconn 2048
        tune.ssl.default-dh-param 2048

        log     global
        mode    http
        option  httplog
        #option dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        option forwardfor
        option http-server-close
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

frontend apisslproxy
        log     global
        mode    http
        option  httplog
        bind :443 ssl crt /etc/haproxy/
        reqadd X-Forwarded-Proto:\ https
        acl PATH_settcon path_beg -i /console/settlement
        acl PATH_assets path_beg -i /assets
        acl PATH_settlement path_beg -i /settlement
        acl PATH_hc path_beg -i /health_check
        acl PATH_metrics path_beg -i /metrics
        use_backend settcon if PATH_settcon || PATH_assets || PATH_settlement || PATH_hc || PATH_metrics
        acl PATH_kyc path_beg -i /kyc
        use_backend kyc if PATH_kyc
        default_backend api_gateway

frontend www-http
        bind :80
        http-request silent-drop if TRUE

Any help here is appreciated. Does haproxy support logging of connections when it is providing an SSL certificate?