Changing CNAME from DNS-only to Proxied results in HTTP/1.1 409 Conflict

On one of our domains we have cname records that point to DNS targets that were generated with Herokus ACM.
All the cnames are currently with Proxy Status: dns-only. This works ok, but I get complaints that http requests are not automatically redirected to https.
So I set the ‘Always Use HTTPS’ to true in Edge certificates section.
If I now set one such cname record to proxied, it no longers directs to the heroku app.
I get this with curl:

curl -v -L

* Trying
* Connected to ( port 80 (#0)
> GET / HTTP/1.1
> Host:
> User-Agent: curl/7.79.1
> Accept: */*

* Mark bundle as not supporting multiuse
< HTTP/1.1 409 Conflict
< Date: Fri, 16 Jun 2023 14:40:08 GMT
< Content-Type: text/plain; charset=UTF-8
< Content-Length: 16
< Connection: close
< X-Frame-Options: SAMEORIGIN
< Referrer-Policy: same-origin
< Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
< Expires: Thu, 01 Jan 1970 00:00:01 GMT
< Server: cloudflare
< CF-RAY: 7d83ce627fe00e84-AMS
* Closing connection 0
error code: 1001

I don’t even know where I could start to look for solution, any hints?

Believe this was solved via a second thread @tech39?