Port forward all http(s) to haproxy for SNI with LE/nginx, and restrict some TCP/mysql access per IP

I found this post which clarifies for me i.t.o the subdirs.

Is it better and/or more stable to use crt-list as indicated in this post, or does it end up being pretty much the same either way?

Thanks