mqtt ssl / haproxy / SSL Handshake failure

I am trying to connect using the iot package to an MQTT broker, but I can’t manage to connect using SSL.
My SSL certificate is terminated at an HAProxy, and other MQTT clients connect fine, even from an outdated Windows 7 using older ciphers, but the MikroTik won’t connect. I get "SSL Handshake failure" in the HAProxy log and "connection failed" on the MikroTik.
I wonder whether I need to manually download a certificate and choose it in the broker/certificate setting, but of course that would be an issue: if I have it installed on thousands of MikroTiks, the moment I need to change the certificate on my server I would need to modify all of them.
If I connect directly to the broker without ssl to 1883 it works fine.

Some other suggestions would also be to be able to disable a broker and to disconnect/connect from winbox not only cli.

You don't need to set the certificate in /iot/mqtt/brokers.

But you do need to have the root certificate for the MQTT server's certificate on the router. From ROS7.19 forward, the OS itself includes root certificates for many common certificate authorities, so if, for instance, you are using a Let's Encrypt certificate on the server, it won't be necessary to install the root certificate from ROS7.19. There you will just have to enable trust to the included root certificates:

/certificate/settings/set builtin-trust-anchors=trusted

If using self-signed certificates, the process will be the same independent of your version.
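
The point made in the reply above, as an added example that is not part of the original thread: a client that holds the issuing root certificate keeps validating the server after the server's own certificate is replaced, while a client without that root fails the handshake. It runs on a workstation with the `openssl` CLI (an assumption), not on RouterOS, and every name in it (Demo Root CA, mqtt.example.test) is constructed.

```shell
#!/bin/sh
# Constructed demo: one root CA, two successive server certificates, and a
# second unrelated root standing in for a client that lacks the right anchor.

# issue_leaf DIR NAME: sign a fresh server certificate with the root in DIR
issue_leaf() {
    openssl req -newkey rsa:2048 -nodes -keyout "$1/$2.key" -out "$1/$2.csr" \
        -subj "/CN=mqtt.example.test" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/root.crt" -CAkey "$1/root.key" \
        -CAcreateserial -days 90 -out "$1/$2.crt" 2>/dev/null
}

# trusts ANCHOR LEAF: succeed only if LEAF chains up to ANCHOR
trusts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    # Root CA: the only certificate the client (router) has to store
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/root.key" \
        -out "$d/root.crt" -days 3650 -subj "/CN=Demo Root CA" 2>/dev/null
    # Unrelated root: what a client sees when the right anchor is missing
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/other.key" \
        -out "$d/other.crt" -days 3650 -subj "/CN=Unrelated Root" 2>/dev/null
    issue_leaf "$d" leaf1    # certificate currently served by the proxy
    issue_leaf "$d" leaf2    # its replacement after a renewal
    r=""
    for pair in root:leaf1 root:leaf2 other:leaf1; do
        if trusts "$d/${pair%%:*}.crt" "$d/${pair##*:}.crt"; then
            s=ok
        else
            s=fail
        fi
        r="${r:+$r }$s"
    done
    rm -rf "$d"
    echo "$r"
}

demo    # prints: ok ok fail
```

The three results are, in order: old leaf against the stored root, renewed leaf against the same stored root, and old leaf against a root that did not issue it.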