HAProxy community

Re-encryption getting: 504 Gateway Time-out

Hi hope its OK to post this here.
I’m hawing problem configuring haproxy with re-encryption.
For some reason I need to re-encrypt all traffic to the backend servers.
I have tested the setup with no encryption to backend and that works fine.
But when use encryption I cet the error “504 Gateway Time-out”.
I can go straight to the backend server using http or https without problems.
Have tested to telnet from the proxy server to backend on 443 that is OK.
The urls are similar to this one "https://proxy.xxxxx.net/name/server/site/worker/xxxxx
The backends are IIS servers.
Am I doing something wrong or misunderstanding.

Would be great to get input and/or guidelines if someone has.

Version: HAProxy version 1.8.23-1ppa1~bionic, released 2019/11/26 running on Ubuntu.

Here is similar to what I have configured. Server names and paths changed.
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
user haproxy
group haproxy
# Default SSL material locations
ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
tune.ssl.default-dh-param 2048
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
log global
mode http
option httplog
option dontlognull

    timeout connect 25000ms
    timeout client 60000ms
    timeout server 60000ms
    timeout queue 60000ms
    timeout http-request 15000ms
    timeout http-keep-alive 15000ms
    option http-server-close

frontend http
bind *:80
bind *:443 ssl crt /etc/haproxy/certs/haproxy_full.pem
#If path inclues begining defined in the acls file trafic is outed to prod_2
acl cond1 path_beg -i -f /etc/haproxy/customer-redirects.acls
use_backend prod_2 if cond1
default_backend prod_1

backend prod_1
mode http
#server prod_app1 prod_1.abc.net:80 check #Works as expected if I use 80
server prod_app1 prod_1.abc.net:443 check ssl verify none
#server prod_app1 prod_1.abc.net:443 check ca-file /etc/haproxy/certs/ca.complete.crt # used this one without success same error.

backend prod_2
mode http
server prod_app2 prod_2.abc.net:80 check
#server prod_app2 prod_2.abc.net:443 check ssl verify none #Not working