Changing CNAME from DNS-only to Proxied results in HTTP/1.1 409 Conflict [REPOST]

[reposting this question because it got closed due to being similar to a previous topic I made. This is definitely a different problem]

On one of our domains we have cname records that point to DNS targets that were generated with Herokus ACM.
All the cnames are currently with Proxy Status: dns-only. This works ok, but I get complaints that http requests are not automatically redirected to https.
So I set the ‘Always Use HTTPS’ to true in Edge certificates section.
If I now set one such cname record to proxied, it no longers directs to the heroku app.
I get this with curl:

curl -v -L

* Trying
* Connected to ( port 80 (#0)
> GET / HTTP/1.1
> Host:
> User-Agent: curl/7.79.1
> Accept: */*

* Mark bundle as not supporting multiuse
< HTTP/1.1 409 Conflict
< Date: Fri, 16 Jun 2023 14:40:08 GMT
< Content-Type: text/plain; charset=UTF-8
< Content-Length: 16
< Connection: close
< X-Frame-Options: SAMEORIGIN
< Referrer-Policy: same-origin
< Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Expires: Thu, 01 Jan 1970 00:00:01 GMT
< Server: cloudflare
< CF-RAY: 7d83ce627fe00e84-AMS
* Closing connection 0
error code: 1001

I don’t even know where I could start to look for solution, any hints?

And how is this question

any different from your original thread?

Use your original thread and do not keep opening threads on the same issue.