Opensearch ldaps troubles (yet again)

Alrighty, some Google time later and a rabbit hole of firewalld rules that have been added, borked everything and deleted again, I’ve found the culprit :slight_smile:

After checking the no route to host error I came across this: Docker - No route to host - Stack Overflow

More specifically:

firewall-cmd --permanent --zone=public --add-rich-rule='rule family=ipv4 source address=172.27.0.0/16 accept'
firewall-cmd --reload

Which borked everything completely.
Removed the rule, rebooted the 3 hosts.
After some firewalld log checking I saw this:

docker-ingress failed iptables no chain/target/match by that name

Down the google rabbit hole:
Iptables no chain/target/match by that name docker - Quick fix!.
Basically the docker service starts up before the firewalld service does. The docker service adds the firewall rules, so since the firewall service isn’t running, they can’t be added and therefore it has no way of getting out.
A simple service docker restart fixes everything :smiley:
(I had to revert back to the FQDN instead of the IP address since the cert doesn’t match the hostname obviously).

So case closed and fixed. Thanks again @pablo :slight_smile:

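The start-order problem described in the post above can be checked for before restarting anything. This is an added example, not part of the original post: it compares the systemd activation times of docker and firewalld and looks for missing Docker chains in `iptables -S` output. The chain names `DOCKER` and `DOCKER-INGRESS`, the function names, the `--live` switch and the sample rules are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, the --live
# switch and the checked chain names are assumptions.

# Constructed `iptables -S` output: the swarm ingress chain is absent.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD DROP
-N DOCKER
-N DOCKER-USER
-A FORWARD -j DOCKER-USER
-A FORWARD -o docker0 -j DOCKER
EOF
}

# Read `systemctl show -p ActiveEnterTimestampMonotonic <unit>` output on
# stdin and print the activation time (microseconds since boot).
active_since() {
    sed -n 's/^ActiveEnterTimestampMonotonic=\([0-9][0-9]*\)$/\1/p'
}

# Print every chain named in "$@" that has no `-N <chain>` line in the
# `iptables -S` output on stdin. Returns 1 if at least one is missing.
missing_chains() {
    rules=$(cat)
    rc=0
    for chain in "$@"; do
        printf '%s\n' "$rules" | grep -qxF -- "-N $chain" || { echo "$chain"; rc=1; }
    done
    return $rc
}

# diagnose <docker_ts> <firewalld_ts> <missing chains, empty if none>
diagnose() {
    if [ -z "$3" ]; then
        echo "ok: docker chains present"
    elif [ "$1" -lt "$2" ]; then
        echo "docker started before firewalld, chains missing: $3; restart docker"
    else
        echo "chains missing: $3; restart docker"
    fi
}

# Live check on the affected host (needs root for iptables).
if [ "${1:-}" = "--live" ]; then
    d=$(systemctl show -p ActiveEnterTimestampMonotonic docker | active_since)
    f=$(systemctl show -p ActiveEnterTimestampMonotonic firewalld | active_since)
    m=$({ iptables -S; iptables -t nat -S; } | missing_chains DOCKER DOCKER-INGRESS | paste -sd ' ' -)
    diagnose "$d" "$f" "$m"
fi
```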