We're facing a 400 Bad Request error after upgrading the Nginx Ingress Controller to version v1.12.1 in our EKS cluster. The exact error shown in the browser is:
400 Bad Request
The plain HTTP request was sent to HTTPS port
nginx
We are using an external AWS Network Load Balancer (NLB) with proxy protocol and SSL termination enabled via annotations. This setup was working fine prior to the upgrade.
Here are the key configurations:
apiVersion: v1
kind: ConfigMap
metadata:
  name: ingress-nginx-controller
  namespace: ingress-nginx
data:
  enable-snippets: "true"
  allow-snippet-annotations: "true"
  annotations-risk-level: Critical
  http-snippet: |
    server {
      listen 80;
      listen [::]:80;
      listen 443 ssl proxy_protocol;
      listen [::]:443 ssl proxy_protocol;
      if ($scheme = http) {
        return 308 https://$host$request_uri;
      }
    }
  ssl-redirect: "true"
  force-ssl-redirect: "true"
  proxy-body-size: 20m
  use-forwarded-headers: "true"
  use-proxy-protocol: "true"
  proxy-real-ip-cidr: "172.16.0.0/16"
Service Definition (type: LoadBalancer, using NLB):
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx-controller
  namespace: ingress-nginx
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "60"
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp
    service.beta.kubernetes.io/aws-load-balancer-type: external
    service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: instance
    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
    service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:eu-north-1:xxxxxxxxxxxx:certificate/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
spec:
  type: LoadBalancer
  ports:
    - name: http
      port: 80
      targetPort: http
    - name: https
      port: 443
      targetPort: https
  selector:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
What We've Tried:
Verified that use-proxy-protocol and proxy-real-ip-cidr are correctly set.
Ensured NLB has a valid ACM certificate.
Ensured the target group type is instance and not ip.
Confirmed that ports 80 and 443 are open and mapped correctly.
Question: What could be causing this 400 Bad Request error after upgrading NGINX Ingress to v1.12.1? Are there any changes in the way the controller handles proxy protocol or NLB in the newer version?
Any insights would be appreciated!
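The nginx message quoted in the question is what nginx returns when cleartext HTTP arrives on a listener declared with ssl. The following is an added example, not part of the original post: a consistency check over the Service fields shown above that flags ports where the NLB terminates TLS yet forwards to a target port expected to speak TLS. The TLS_TARGET_PORTS set and the placeholder ARN are assumptions.

```python
# Added example: does the NLB hand decrypted traffic to a port that expects TLS?
PREFIX = "service.beta.kubernetes.io/aws-load-balancer-"

# Constructed input: the relevant fields of the Service from the question.
SERVICE = {
    "annotations": {
        PREFIX + "backend-protocol": "tcp",
        PREFIX + "ssl-cert": "arn:aws:acm:REGION:ACCOUNT:certificate/PLACEHOLDER",
        PREFIX + "ssl-ports": "https",
        PREFIX + "proxy-protocol": "*",
    },
    "ports": [
        {"name": "http", "port": 80, "targetPort": "http"},
        {"name": "https", "port": 443, "targetPort": "https"},
    ],
}

# Assumption: controller ports that nginx serves with "listen ... ssl".
TLS_TARGET_PORTS = {"https", 443}


def terminated_ports(svc):
    """Return the Service ports on which the NLB terminates TLS."""
    ann = svc["annotations"]
    if not ann.get(PREFIX + "ssl-cert"):
        return []  # no certificate attached: plain TCP pass-through
    wanted = ann.get(PREFIX + "ssl-ports", "*")
    names = {p.strip() for p in wanted.split(",")}
    return [p for p in svc["ports"]
            if wanted == "*" or p["name"] in names or str(p["port"]) in names]


def find_mismatches(svc, tls_targets=TLS_TARGET_PORTS):
    """Flag ports where decrypted traffic reaches a TLS-expecting target."""
    backend = svc["annotations"].get(PREFIX + "backend-protocol", "tcp").lower()
    if backend == "ssl":  # NLB re-encrypts towards the target
        return []
    return [f"port {p['port']} ({p['name']}): NLB terminates TLS and forwards "
            f"cleartext to targetPort {p['targetPort']!r}"
            for p in terminated_ports(svc) if p["targetPort"] in tls_targets]


if __name__ == "__main__":
    for finding in find_mismatches(SERVICE):
        print(finding)
```
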