On Sun, Aug 16, 2020 at 02:34:27PM -0400, trondd wrote:
> Oh, I see what you're doing. BOTH listen lines are active in the second
> server block. When you connect to port 443 with that config, which TLS
> settings does it use? I want to guess that because you're listening on
> port 8000 without tls first, the listen with tls is skipped along with the
> tls block below it.
No, listen TLS isn't skipped for sub.domain.tld.
>> This indeed listens on the same address ($ext_ip) and the same port (443)
>> and works as intended with different ciphers and ecdhe.
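For readers following the thread, here is an added example httpd.conf layout that matches what is described above; it is not the poster's actual configuration. Two server blocks share $ext_ip:443 with their own tls settings, and the second block additionally listens without TLS on port 8000 before its TLS listener. The address in the $ext_ip macro, the server names, certificate and key paths, document roots, cipher string and curve are all assumptions chosen for illustration.

```conf
# Added example, not the poster's configuration. The macro value, names,
# paths, cipher list and curve are assumptions for illustration only.
ext_ip="203.0.113.10"

server "domain.tld" {
        listen on $ext_ip tls port 443
        tls {
                certificate "/etc/ssl/domain.tld.crt"
                key "/etc/ssl/private/domain.tld.key"
        }
        root "/htdocs/domain.tld"
}

server "sub.domain.tld" {
        # Plain-HTTP listener first, TLS listener second: both are active.
        # Everything this block serves is also reachable in cleartext on 8000.
        listen on $ext_ip port 8000
        listen on $ext_ip tls port 443
        tls {
                certificate "/etc/ssl/sub.domain.tld.crt"
                key "/etc/ssl/private/sub.domain.tld.key"
                # Settings that differ from the first block; httpd applies
                # them when the client's SNI name selects this server.
                ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384"
                ecdhe "P-384"
        }
        root "/htdocs/sub.domain.tld"
}
```

Check the syntax with `httpd -n -f /etc/httpd.conf` before reloading, then confirm which tls block each name gets by connecting to the shared address once per SNI name, e.g. `openssl s_client -connect 203.0.113.10:443 -servername sub.domain.tld`, and comparing the negotiated cipher reported by s_client against the same probe with `-servername domain.tld`. Keep in mind that the non-TLS listener on port 8000 serves the same content as the TLS one, so anything that must only be reachable over TLS should not live in a server block that also has a plain listener.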