Thanks, the SNI hint was very helpful and you’re absolutely right, it would appear the problem is with Traefik.
For anyone else, the curl command I used was:
curl -vik --resolve example.com:443:<local IP> https://example.com/
I can see the page content and the correct TLS certificate is being served (the one I want it to). I really appreciate the help in identifying that and have actually bookmarked the resources I found when searching for info on curl & SNI as it’s clearly a very useful troubleshooting tool. Doubly helpful.
Resources for others in future:
https://hacksbrain.com/2018/08/27/testing-sni-enabled-servers-with-curl/
https://curl.se/docs/manpage.html