server { listen 8443 ssl; server_name .example.org; ssl_certificate tls.d/example.org.chain.crt; ssl_certificate_key tls.d/example.org.pem; root static.d/example.org; } server { listen 8443 ssl; server_name www.example.org; ssl_certificate tls.d/www.example.org.chain.crt; ssl_certificate_key tls.d/www.example.org.pem; root static.d/www.example.org; } ## optional: cut-off server server { listen 8443 ssl default_server bind deferred; server_name _; ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ## reject connections early ssl_reject_handshake on; }