Right … so it was all my fault as expected. Thanks for asking about Cloudflare; it got me looking into the DNS zone and seeing the error.
I got the DNS setup in Terraform wrong, and it was still pointing to the old server… Why is that causing a TLS internal error, I don’t know …
Fixing the DNS entry solved the issue right away.