Who should request the certificate? Nginx Reverse Proxy

Sorry if this has been asked before, or if it is too obvious, but I am rather new to ssl encryption, but i like to learn.
Here is my Situation:
I run an Openwrt Router with nginx, compiled with ssl. It shall serve a small static page + forward to the LuCi Webinterface running on uhttpd + forward to several webservices running on a Synology NAS + probably other stuff on a raspi, not decided yet. I managed to get reverse proxy running, so this is fine.
For letsencrypt, I use(d) a Luci Webfrontend app, however, since this solution concentrates on uhttpd, this will probably change. Nevertheless, i was able to get a certificate for my ddns Domain (subdomain.domain.net), as well for the router (machine.subdomain.domain.net).
I am able to call the pages on both with https, so i guess thats fine. (both certs are on the router, and requested by the router)
Now the thing where it isn’t obvious for me. Who should call the other certs? (2ndmachine.subdomain.domain.net). Must the router request it? Or the NAS? Or do i need to somehow copy this certs?
Because right now, i used the inbuild mechanism from synology to generate the 3rd cert, but when i open that site, i get a cert error. (I guess because nginx is the first instance that is called, it has no cert, thus fails?) but when the router generates this cert as well, won’t it fail then when “forwarded” to the NAS?

Again, sorry if this is rather obvious, but my searches didn’t give me the correct answer.

Ok, I felt lucky, tried and it works as expected. Router fetches all certs, nginx does the rest.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.