Not logging connections with letencrypt

We have two configurations using haproxy:

  1. Production: With SSL cert on AWS NLB. Haproxy binds to port 80. Logging is working fine, for example:
Jul 14 09:41:04 localhost haproxy[996]: 210.200.69.57:42375 [14/Jul/2021:09:41:04.423] node_gateway api_gateway/ccpsa1 80/0/1/204/285 201 604 - - ---- 4/4/0/1/0 0/0 "POST /capi/v2/users/_get_invoice HTTP/1.1"
  1. Staging: Using letsencrypt cert with haproxy bound to port 443. See below. This configuration logs service starts and stops, but connections don’t get logged. Any idea what I am doing wrong?
cat /etc/haproxy/haproxy.cfg
global
        log 127.0.0.1:514       local0
        #log /dev/log   local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # Default ciphers to use on SSL-enabled listening sockets.
        # For more information, see ciphers(1SSL). This list is from:
        #  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
        ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
        ssl-default-bind-options no-sslv3
        maxconn 2048
        tune.ssl.default-dh-param 2048

defaults
        log     global
        mode    http
        option  httplog
        #option dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        option forwardfor
        option http-server-close
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

frontend apisslproxy
        log     global
        mode    http
        option  httplog
        bind :443 ssl crt /etc/haproxy/redacted.com.pem
        reqadd X-Forwarded-Proto:\ https
        acl PATH_settcon path_beg -i /console/settlement
        acl PATH_assets path_beg -i /assets
        acl PATH_settlement path_beg -i /settlement
        acl PATH_hc path_beg -i /health_check
        acl PATH_metrics path_beg -i /metrics
        use_backend settcon if PATH_settcon || PATH_assets || PATH_settlement || PATH_hc || PATH_metrics
        acl PATH_kyc path_beg -i /kyc
        use_backend kyc if PATH_kyc
        default_backend api_gateway

frontend www-http
        bind :80
        http-request silent-drop if TRUE

Any help here is appreciated. Does haproxy support logging of connections when it is providing an SSL certificate?