This tells Certbot to answer the TLS-SNI challenge on port 8888, but Let's Encrypt will try to validate that challenge on port 443, so the validation will fail. You should remove this flag. That may result in a permission denied error if HAProxy is already listening on that port. There are various options to address that, but while you're here you should read this: What you need to know about TLS-SNI validation issues.
My recommendation is that as long as your spending some time updating your config, you should update it to work with the HTTP-01 or DNS-01 challenge.