This is related to TLS 1.2. We use 18.104.22.168. We defined a fallback to TLS 1.1 and everything works. Nevertheless: TLS 1.2. does not work with this server. (other serves with 1.2 works without any problems)
Other general questions:
The proxy creates new certificates for the connection with the client.
What will be copied to the new certificate:
The commonname 1:1?
What happens with wildcard zertificates? copies the wildcard CN or does the proxy change the CN to the real one?