There also ought to be an error log from nginx showing why the TLS connection is failing (perhaps in /var/log/nginx).
Finally, I am not entirely persuaded that the TLS connections are reaching your nginx server at all, as opposed to some kind of firewall or proxy. Compare this thread:
The self-signed cert that can still be obtained is also from "Mini Webservice Ltd" which seems like it's probably the same appliance.