By default, Azure Application Gateway probes backend servers to check their health status and to check whether they're ready to serve requests. You can use the default health probe or custom probe. So you should check the backend health first. if the backend health for all the servers in a backend pool is unhealthy or unknown, you might encounter problems when you try to access applications.
The default probe request is sent in the format of
://127.0.0.1:/. For example, http://127.0.0.1:80 for
an http probe on port 80. Only HTTP status codes of 200 through 399
are considered healthy. The protocol and destination port are
inherited from the HTTP settings.
In this case, you could set the probe for HTTPS like https://<host>:443/path. For the host, you could check the box of Pick host name from backend HTTP settings or not. You also could set the probe to specify a path and recognize a different status code as Healthy.
If the health check is failed at 443 port, not sure the detailed error message on your side, probably it might be that the Application Gateway instances could not reach the backend server on the TCP port 443. You could try these solutions in this article.
For more information, you could refer to troubleshooting bad gateway errors in Application Gateway.
Please let me know if this works or show your detailed error message for further help.
