为解析服务器 IP 的所有服务器名称提供 Nginx SSL 证书

鉴于我在 DNS 中配置了 2 个子域（因此使用我的服务器的 IP 地址对这两个子域进行 ping 操作）并且对于这些子域，我有 2 个不同的 TLS 证书。

我已经以这种方式配置了 nginx：

# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
# scheme used to connect to this server
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
  default $http_x_forwarded_proto;
  ''      $scheme;
}

# If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
# Connection header that may have been passed to this server
map $http_upgrade $proxy_connection {
  default upgrade;
  ''      '';
}

gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

access_log /var/log/nginx.log;
error_log /var/log/nginx_errors.log;

# HTTP 1.1 support
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;

server {
  listen 80 default_server;
  server_name _; # This is just an invalid value which will never trigger on a real hostname.
  return 503;
  server_tokens off; # Hide the nginx version
}


upstream sub1.domain.tld {
  server 172.17.0.27:5000;
}

server {
  server_name sub1.domain.tld;
  server_tokens off; # Hide the nginx version

  listen 443 ssl;
  ssl_certificate /etc/nginx/ssl/sub1.domain.tld.crt;
  ssl_certificate_key /etc/nginx/ssl/sub1.domain.tld.key;

  location / {
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/htpasswd/sub1.htpasswd;
    proxy_pass http://sub1.domain.tld;
  }
}

在这一点上，如果我全力以赴，https://sub1.domain.tld一切正常。现在，如果我尝试访问https://sub2.domain.tld尚未配置的访问，因此不应该回复它接受连接并向我显示证书的问题，因为它与服务器名称不匹配，所以似乎使用此配置，Nginx 发送证书对 443 端口的所有请求。

https://sub2.domain.tld在我通过添加新server指令对其进行配置之前，我应该如何更改我的配置以使访问失败（例如出现 503 错误）？