When you proxy to someinternal.ip, there’s an implicit scheme and port, so Caddy will be trying to connect to http://someinternal.ip:80/. If it’s actually available over HTTPS, you’ll want to specify https://someinternal.ip:port/.
Now, if you’re using HTTPS for an IP address internally, it’s not publicly validated. That means Caddy won’t connect unless you tell it, explicitly, to skip verification of the upstream certificate. To do that, you want to use the insecure_skip_verify subdirective for proxy.