Nginx + Let's Encrypt

Hello,
I have spent many hours on this issue:
I own a custom domain address.com which is properly bound to the static IP: 220.1.2.3.

My system should work like this:

ha.address.com -> 220.1.2.3 -> 192.168.1.30:8123 (SSL) #HA Server - certificate from Let's Encrypt for ha.address.com + *.address.com
address.com -> 220.1.2.3 -> 192.168.1.50(:443) (SSL) #Web server - should take cert from 192.168.1.30

My NGINX Home Assistant SSL proxy configuration:

domain: ha.address.com
hsts: max-age=31536000; includeSubDomains
certfile: fullchain.pem
keyfile: privkey.pem
cloudflare: false
customize:
  active: false
  default: nginx_proxy_default*.conf
  servers: nginx_proxy/*.conf
real_ip_from: []

configuration.yaml:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24  # IP range for Nginx Proxy in Docker network
    - 192.168.1.0/24  # Nginx running in local network

I am running HA on HA Yellow.
I can see the fullchain.pem and privkey.pem in the /ssl directory. I get the certificates through the Let's Encrypt DNS method.

Why is my certificate not working? What am I doing wrong? How should I change the NAT Rules on the router?

Thank you,
Michal

Could you describe the actual symptoms of “not working”, please?
Note that the addon will only accept ha.address.com and nothing else, so the address.com -> 220.1.2.3 -> 192.168.1.50(:443) should be done some other way.

Sure,
on my router I have created a rule:

dnsnat
dst address: 220.1.2.3
protocol: tcp
dst port: 443
action: dns-nat
To addresses: 192.168.1.30
to port: 8123

and the same for port 80->8123

http://ha.address.com shows the login page of HA
https://ha.address.com and https://address.com show ERR_SSL_PROTOCOL_ERROR

“dns-nat”? Which router is it?

There seems to be a port forward from 80 → ha:8123, but I don’t see it in that config (nor do I know what “dns-nat” means for your router).
Furthermore, the nginx addon listens on 443, not 8123.
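
A way to check, from inside the LAN, which protocol actually answers on each port before changing the router's forward for 443 (an added example, not code posted by anyone in this thread). The function name `probe` is made up for the example; the addresses in the usage lines are the ones quoted above. A port that answers plain HTTP when a browser expects TLS is what produces ERR_SSL_PROTOCOL_ERROR.

```python
import socket
import ssl


def probe(host, port, sni=None, timeout=3.0):
    """Return 'tls', 'plain-http', 'closed' or 'unknown' for host:port."""
    # Verification is off on purpose: this only checks which protocol
    # answers, not whether the certificate is trusted.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE

    # Step 1: try a TLS handshake, the way a browser does for https://.
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"  # nothing listening, or filtered
    try:
        with ctx.wrap_socket(raw, server_hostname=sni or host):
            return "tls"
    except (ssl.SSLError, OSError):
        pass  # handshake failed; find out what is there instead
    finally:
        raw.close()

    # Step 2: reconnect and send a plain HTTP request. A reply starting
    # with "HTTP/" means the port speaks unencrypted HTTP.
    request = (
        f"HEAD / HTTP/1.1\r\nHost: {sni or host}\r\n"
        "Connection: close\r\n\r\n"
    ).encode()
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(request)
            reply = s.recv(16)
    except OSError:
        return "unknown"
    return "plain-http" if reply.startswith(b"HTTP/") else "unknown"


if __name__ == "__main__":
    # Addresses and ports as quoted in the thread.
    for port in (8123, 443):
        result = probe("192.168.1.30", port, sni="ha.address.com")
        print(f"192.168.1.30:{port} -> {result}")
```

The external port 443 should be forwarded to whichever internal port reports `tls`.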