I have a few domains/vhosts set up on my server and I recently disabled one of them. When I wanted to make sure that it wasn't online anymore and tried to access it I noticed that nginx had picked one of my other vhosts (from dokku) as the default server for https:443. That's no good.

It's easy to remedy though, I found the fix here but I'll put it here as well for keeping.

Create default zone

(sudo) touch /etc/nginx/sites-available/00-default
ln -s /etc/nginx/sites-available/00-default \
      /etc/nginx/sites-enabled/
nano /etc/nginx/sites-available/00-default
server {
    server_name _;
    listen       80  default_server;
    return       404;
}

server {
    listen 443 ssl;
    server_name _;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    return       404;
}

Add cert

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
# Test conf
sudo nginx -T
# Reload
sudo service nginx reload

This has the minor drawback of presenting the user with the invalid certificate warning but unless you want to do this for all your vhosts, it's the way to go.

Invalid certificate