Nginx as Reverse Proxy to Another Server with SSL Handled at Destination Server

This one is a bit of a tricky one to get configured correctly.

So I have an Nginx server acting as a reverse proxy to another server. I’ve managed to run Let’s Encrypt on the ‘other server’ which has successfully generated the certificate. Yet when I enter the hostname in the browser I see the error, “This site can’t provide a secure connection. ERR_SSL_PROTOCOL_ERROR”.

Not sure what I’ve got configured wrong here.

Here is the config for the Nginx Proxy;

server {
    # http
    listen 80;
    # https
    listen 443;

    server_name other-server.example.com;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://{Static Internal IP}:$server_port;
    }
}

And here is the Nginx config on the ‘other server’;

server {
      server_name other-server.example.com;

      root /usr/share/nginx/html/;

      location ~ /.well-known/acme-challenge {
         allow all;
      }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/other-server.example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/other-server.example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


    add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot


    ssl_trusted_certificate /etc/letsencrypt/live/other-server.example.com/chain.pem; # managed by Certbot
    ssl_stapling on; # managed by Certbot
    ssl_stapling_verify on; # managed by Certbot

}

server {
    if ($host = other-server.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


      listen 80;
      listen [::]:80;
      server_name other-server.example.com;

      root /usr/share/nginx/html/;

      location ~ /.well-known/acme-challenge {
         allow all;
      }

}