Thanks for doc link @linkp. Within that doc is below so a path is allowed. But, seems like haproxy is not selecting the right cert. Maybe using a full filename will help. Or, review all the certs in that folder to ensure there are no expired ones. My guess is there probably is one.
You can also set the crt argument to a directory. When set to a directory, the load balancer will use Server Name Indication (SNI) to search the directory for a certificate that has a Common Name (CN) or Subject Alternative Name (SAN) field that matches the requested domain, which the client sends during the TLS handshake.