HTTPS 308 permanent redirection k8s ingress nginx

I have created an EKS cluster following the examples from AWS EKS, I have deployed the nginx ingress controller on top from kubernetes/nginx, Created an ingress resource which points to back end k8s services, However, when I am trying to query via curl -kv https://dev01.cricket.com/demo/hello it returns Permanent Redirect 308

Here is my service-nlb.yaml

    --- (service-nlb.yaml)
kind: Service
apiVersion: v1
metadata:
  name: ingress-nginx
  namespace: default
  annotations:
    **service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http**
    service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "3600"
    service.beta.kubernetes.io/aws-load-balancer-internal: "0.0.0.0/0"
    **service.beta.kubernetes.io/aws-load-balancer-ssl-cert:  "arn:aws:acm:us-west-2:xxxxx:certificate/x-037xxxd-4a1e-x-x"**
    service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy: ELBSecurityPolicy-TLS-1-2-Ext-2018-06
    **service.beta.kubernetes.io/aws-load-balancer-ssl-ports: https**
spec:
  ports:
    - name: https
      port: 443
      targetPort: 80

ingress.yaml

```apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  labels:
    app: jg
    env: dev
  name: jg-ingress
  namespace: default
  annotations:
    kubernetes.io/ingress.class: nginx
    **ingress.kubernetes.io/ssl-redirect: "false"**
spec:
  rules:
    - host: dev01.cricket.com
      http:
        paths:
          - backend:
              serviceName: jg-service
              servicePort: 8080
            path: /demo
    - host: dev02.cricket.com
      http:
        paths:
          - backend:
              serviceName: sad-service
              servicePort: 8080
            path: /sad
  tls:
   - hosts:
        - dev01.cricket.com
     secretName: my-tls-secret```

when I am doing curl -kv dev01.cricket.com it returns 308 permanent redirect

curl -kv https://dev01.cricket.com/demo/hello
*   Trying 10.41.168.92...
* TCP_NODELAY set
* Connected to dev01.cricket.com (10.41.168.92) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=dev01.cricket.com; OU=management:idms.group.140787; O=Cricket Inc.; ST=California; C=US
*  start date: Apr 19 08:37:06 2021 GMT
*  expire date: May 19 08:37:05 2023 GMT
*  issuer: CN=Cricket Corporate Server CA 1; OU=Certification Authority; O=Cricket Inc.; C=US
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7ff9eb80d200)
> GET /demo/hello HTTP/2
> Host: dev01.cricket.com
> User-Agent: curl/7.64.1
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
< HTTP/2 308
< server: Cricket
< date: Tue, 04 May 2021 16:38:38 GMT
< content-type: text/html
< content-length: 171
< location: https://dev01.cricket.com/demo/hello
< strict-transport-security: max-age=31536000; includeSubdomains
< x-frame-options: SAMEORIGIN
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
<
<html>
<head><title>308 Permanent Redirect</title></head>
<body>
<center><h1>308 Permanent Redirect</h1></center>
<hr><center>nginx/1.17.8</center>
</body>
</html>
* Connection #0 to host dev01.cricket.com left intact
* Closing connection 0

I am not sure why the TLS termination is not happening and the permanent redirect error is happening
if I do the same curl on http it returns 301

curl -kv http://dev01.cricket.com/demo/hello
*   Trying 10.41.162.164...
* TCP_NODELAY set
* Connected to dev01.cricket.com (10.41.162.164) port 80 (#0)
> GET /demo/hello HTTP/1.1
> Host: dev01.cricket.com
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Server: Cricket
< Date: Tue, 04 May 2021 19:17:26 GMT
< Content-Type: text/html
< Content-Length: 162
< Connection: keep-alive
< Location: https://dev01.cricket.com/demo/hello
<
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>Cricket</center>
</body>
</html>
* Connection #0 to host dev01.cricket.com left intact
* Closing connection 0

backend-service.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: jgdeployment
  labels:
    app: jg
spec:
  replicas: 3
  selector:
    matchLabels:
      app: jg
  template:
    metadata:
      labels:
        app: jg
    spec:
      containers:
      - name: jg
        image: docker.cricket.com/jga:1.0.0
        ports:
        - containerPort: 8080
        livenessProbe:
          failureThreshold: 3
          httpGet:
            path: /demo/hello
            port: 8080
          initialDelaySeconds: 10
          periodSeconds: 10
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /demo/hello
            port: 8080
          initialDelaySeconds: 10
          periodSeconds: 10
---
apiVersion: v1
kind: Service
metadata:
  name: jg-service
  namespace: "default"
spec:
  type: ClusterIP
  ports:
    - port: 8080
      targetPort: 8080
  selector:
    app: jg

Not sure what I am doing missing to get 308 error on https.