If you use an external load-balancer in front (like elastic aws) and the traffic behind that load balancer is unencrypted, you need to specify that in the piplanning.cfg. If you don't, the frontends will try to connect via a insecure (ws) connection (and will fail).
To specify that:
- Open the piplanning.cfg file
- Look for the line 'backend_tls_only' and set it to 'yes'