Build looks fine, the configuration is not completely correct, in that there are no ciphers like “TLS13-AES-256-GCM-SHA384” (please see man 1 ciphers), and also, you cannot specify them with the ciphers or ssl-default-bind-ciphers keyword, as they are only for TLSv1.2 and below.
However, OpenSSL has the default TLSv1.3 ciphersuites:
TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"
which works just fine.
What exact browser, in what release and on what OS? Only Chrome 70 currently supports TLSv1.3, Firefox has yet to release v63 with TLSv1.3 support. Note that pre-standard draft implementations are not compatible with OpenSSL 1.1.1. So just because it works with Cloudflare, doesn’t mean it will work with OpenSSL. Also you may have TLS intercepting middleboxes in between the server and you, so watch out for that.
I suggest you run the openssl 1.1.1 client locally (not crossing any networks, not using any browsers):
/blah/openssl/1.1.1/target/bin/openssl s_client -connect <hostname>:443 -servername <hostname>
Haproxy v1.8.15 will introduce support for the new OpenSSL API to configure TLSv1.3 ciphersuites, you can check the documentation here: ssl-default-bind-ciphersuites.
If you want to test this now, you can grab the current 1.8 snapshot (which is unreleased, but still a stable branch, so it’s not like you are using a bleeding edge development tree):
http://www.haproxy.org/download/1.8/src/snapshot/haproxy-ss-20181017.tar.gz
However, that is not your problem. Likely your test tools miss support of the (real, standardized) TLSv1.3.