Okay, found the issue. It was nothing to do with Caddy and everything to do with how AWS was configured. I re-read the solution found here: https://caddy.community/t/on-demand-ssl-on-ports-80-443-with-health-checks/8312/17
I checked my configuration again and could see that I was only listening on port 443, but not port 80, on the load balancer, so it couldn’t route requests properly. I’ve now added another endpoint group, as described in the ticket above, and it works!
Thanks for the help.