Your second message mentions the body size setting, not the header size setting. Header size is controlled by client_header_buffer_size and large_client_header_buffers, which you’d set via the KONG_NGINX_HTTP_CLIENT_HEADER_BUFFER_SIZE and KONG_NGINX_HTTP_LARGE_CLIENT_HEADER_BUFFERS environment variables.
That example curl request isn’t passing any cookies (the most likely reason the headers are large), whereas your browser normally will send any cookies it has set, which is why you’re seeing different results there. The certificate configuration looks fine (you’d see a different error in your browser request otherwise).