afaik LE only uses 80 for verification,
but i have it forwarding both 80 and 443 to either my webserver or MiaB based on hostname
Probably … get rid of the proxy and it sounds as though your issue is solved.
Problem is I have other things running though that proxy
I cant change it as i only have the single public IP so use the proxy to route to other internal services
Then either you are going to have to manually renew the LE certs or install MiaB as it was designed, on a VPS not behind any kind of proxy.
I wonder if haproxy changes the headers from what acme-client is expecting? Or maybe that would be a different error.
Proxies sometimes add a layer of unexpected complexity. I would like to know how to work around such problems, though I previously and for a long time had MiaB behind a simple pfSense firewall without issue.