Let's Encrypt across two ports

First, let me restate some things with the typical terms:

  • You have an nginx server that is configured for “SSL Termination”.
  • Your nginx server proxies the decrypted HTTPS traffic to the local network (in this case, the same machine).
  • Your PostgreSQL server is configured to use SSL authentication (https://www.postgresql.org/docs/current/libpq-ssl.html). This is a fairly esoteric authentication system. You don’t need to do this, and if you do use this, there is no need to use Let's Encrypt certificates, and I’m not even sure they are compatible. This system typically uses self-signed certificates, which you would install on the client (web application) and the database (PostgreSQL).

You should be fine with the 3000 and 3001 applications running decrypted. As far as browsers are concerned, they are talking to an HTTPS server.

You can secure/lock down PostgreSQL in other ways. Using SSL certificates is one of the least popular and most complex options to choose.

2 Likes
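
An nginx configuration for the SSL-termination layout described in the post above, added here as an example and not taken from the thread. The hostname, the certificate paths (certbot's default layout) and the `/api/` path split between the two applications are assumptions.

```nginx
# Added example: nginx terminates TLS on 443 and forwards plaintext HTTP
# to the two local applications on ports 3000 and 3001.
# Assumption: both applications bind to 127.0.0.1 only, so the unencrypted
# ports are not reachable from outside the machine.

server {
    listen 80;
    server_name example.com;                 # assumed hostname
    # Send plain-HTTP visitors to the TLS listener.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com;                 # assumed hostname

    # Assumed certbot default locations for the Let's Encrypt certificate.
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # Tell the backends who the real client is and that the original
    # request arrived over HTTPS (needed for correct redirects and
    # Secure cookies in many frameworks).
    proxy_set_header Host              $host;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Application on port 3000 (assumed to serve the site root).
    location / {
        proxy_pass http://127.0.0.1:3000;
    }

    # Application on port 3001 (assumed to be mounted under /api/).
    location /api/ {
        proxy_pass http://127.0.0.1:3001;
    }
}
```

Run `nginx -t` to validate the configuration before reloading. Only nginx needs the certificate here; the applications on 3000 and 3001 never see TLS.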