ScuttleSE

In essence, all the hosts I was running with the old config had this: ``` location / { proxy_pass http://upstream_server; proxy_set_header Host $host; } ``` That was it, no root

Hm, true, that would accomplish the same thing

Are they all using the same cert-file? In that case it would work fine, but if you have separate certs for the different domains it won't

Since the SSL handshake is done before any headers are loaded, Nginx will use the default SSL-cert on the site if nothing else is defined in the server-section. If that...

Indeed it has, but if you look at the config-file, all of the SSL cert-config is enclosed in its on server-section for bar.com. www.bar.com doesn't know anything about that config,...

The easiest (only?) solution is to duplicate all the SSL-settings you have for bar.com in the server-section for www.bar.com

Exactly. Or, in my case where I don't have a default_server, it seems to default to whichever cert it loads first when restarting... In your case it doesn't make any...

Probably, yeah, I'm gonna do some more testing once I can generate certs at letsencrypt again, accidently hit the rate limiter while testing here earlier :)

Yup, yup, I have already massacred your template-file to get the ssl working and to be able accommodate my "upstream only" servers :)

A PR is definately doable, I'll get one up as soon as I get stuff running here