Nginx tests only the request's Host header field to determine which server the request should be routed to.
If its value does not match any server name, or the request does not contain this header field at all, nginx routes the request to the default server. If no default is specified, that is the first server block, or the default is determined by alphabetical order.
TLS does not provide a mechanism for a client to tell a server the name of the server it is contacting. It may be desirable for clients to provide this information to facilitate secure connections to servers that host multiple 'virtual' servers at a single underlying network address.
The TLS Server Name Indication (SNI) extension allows a browser to pass the requested server name during the SSL handshake, so the server knows which certificate it should use for the connection.
An SSL connection to your server is established by the SSL handshake before the browser sends an HTTP request.
Since this handshake takes place before the HTTP request containing the Host header is sent, nginx can't use the Host header at that point; the only name available to determine which server block's SSL certificate to use for the handshake is the server name passed over SNI.
If no server name is passed, or it matches no server block, nginx will use the SSL certificate from the default block or from the http block. If the SSL certificate file in the http block contains multiple domain names (SAN), the server name passed via SNI will help determine which certificate to use for the handshake.
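
The configuration below is an added example, not taken from the original page. It makes both fallbacks explicit: an explicit default server for unmatched Host headers, and a default TLS server that rejects handshakes whose SNI name matches nothing instead of presenting another site's certificate. The host names, certificate paths and document roots are placeholders.

```nginx
# Added example; names and paths are placeholders.
# These blocks belong inside the http { } context.

# Plain HTTP default: a request whose Host header is missing or matches
# no server_name lands here, not on whichever block happens to be first.
server {
    listen 80 default_server;
    server_name _;
    return 444;              # close the connection without a response
}

# TLS default: a handshake with no SNI name, or one that matches no
# server_name, is rejected, so no certificate is presented for it.
# ssl_reject_handshake requires nginx 1.19.4 or later.
server {
    listen 443 ssl default_server;
    ssl_reject_handshake on;
}

# Named servers: the certificate is chosen from the SNI name during the
# handshake; the request is then routed by the Host header.
server {
    listen 443 ssl;
    server_name www.example.com;
    ssl_certificate     /etc/nginx/certs/www.example.com.crt;
    ssl_certificate_key /etc/nginx/certs/www.example.com.key;
    root /var/www/example.com;
}

server {
    listen 443 ssl;
    server_name www.example.org;
    ssl_certificate     /etc/nginx/certs/www.example.org.crt;
    ssl_certificate_key /etc/nginx/certs/www.example.org.key;
    root /var/www/example.org;
}
```

Running `nginx -t` after the change checks the syntax before a reload.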