linux
Polyarush, 2019-12-01 15:15:17

Nginx + proxy_pass + SSL on different machines?

Good afternoon, colleagues.
The question is the following. There is a hypervisor, Proxmox. Two machines are set up on it:
Machine 1: Webserver (ISPmanager) as a hosting platform for clients; everything works well, no questions there. Apache + Nginx.
Machine 2: AzuraCast, used to broadcast a bunch of radio stations on the internet. Front end: nginx.
The gist:
A web domain is created on Machine 1, and in its Nginx settings there is a proxy_pass to Machine 2. It looks like this:

server {
  server_name stream.saltmedia.online;

  listen 10.10.0.100:80;
  # Nothing in this block terminates TLS for stream.saltmedia.online: the 443
  # listen has no "ssl" parameter and there is no ssl_certificate /
  # ssl_certificate_key. The handshake on 10.10.0.100:443 is therefore answered
  # by whichever server block is the default for that address:port, which is
  # why the curl output below shows the cloud.saltmedia.online certificate.
  listen 10.10.0.100:443;

  location / {
    location ~ [^/]\.ph(p\d*|tml)$ {
      try_files /does_not_exists @fallback;
    }
    location ~* ^.+\.(jpg|jpeg|gif|png|svg|js|css|mp3|ogg|mpe?g|avi|zip|gz|bz2?|rar|swf)$ {
      try_files $uri $uri/ @fallback;
    }
    location / {
      try_files /does_not_exists @fallback;
    }
  }

  # One named location serves both ports: nginx refuses to load a second
  # "location @fallback" in the same server block ("duplicate location").
  # The backend is reached over plain HTTP on port 80; a
  # "proxy_pass http://10.10.0.5:443" would send cleartext HTTP to the TLS
  # port on Machine 2.
  location @fallback {
    proxy_pass http://10.10.0.5:80;
    proxy_redirect http://10.10.0.5:80 /;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Port $server_port;
    access_log off;
  }
}

Everything opens fine and everything is OK. But I wanted to attach a Let's Encrypt certificate. Of course ISPmanager does not attach it itself, since the proxy_pass is there, so I obtained the certificate on the target machine (Machine 2); it was issued successfully, nothing complained. BUT when I access the domain of the second machine via https (stream.saltmedia.online), I see a completely different certificate, which apparently Nginx on the first machine is serving:
curl -vvI https://stream.saltmedia.online
* Rebuilt URL to: https://stream.saltmedia.online/
*   Trying 5.189.239.168...
* TCP_NODELAY set
* Connected to stream.saltmedia.online (5.189.239.168) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=cloud.saltmedia.online
*  start date: Nov 30 22:08:13 2019 GMT
*  expire date: Feb 28 22:08:13 2020 GMT
*  subjectAltName does not match stream.saltmedia.online
* SSL: no alternative certificate subject name matches target host name 'stream.saltmedia.online'
* stopped the pause stream!
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, Client hello (1):
curl: (51) SSL: no alternative certificate subject name matches target host name 'stream.saltmedia.online'

The question is how to see the received certificate ....
Thank you in advance)

1 answer
Official account of the Timeweb team, 2020-08-07
@timeweb_team

An SSL certificate is a pair of public and private encryption keys. The public key is also usually accompanied by a "chain" of certificates confirming the certification authority. If the certificate was obtained only on the second server, it will not automatically appear on the first one. You can copy the key files manually. The ISPmanager panel provides the ability to upload certificates via its graphical web interface. You can also use the cron job scheduler to periodically copy the certificate files from the second server to the first, while renewal of these files via certbot is configured only on the second server.
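
A script for the cron-based copy the answer describes, added here as an example; it is not code from the Timeweb answer or the original post. It pulls the files certbot maintains on Machine 2 onto Machine 1, checks that the private key belongs to the certificate and that the certificate's subjectAltName actually covers the hostname (the check curl fails above), installs them and reloads nginx. The SSH user, the certbot live directory, the target directory /etc/nginx/ssl/... and the availability of rsync and openssl on Machine 1 are assumptions for this illustration.

```shell
#!/bin/sh
# Added example (not from the Timeweb answer or the original post): copy the
# Let's Encrypt files from Machine 2 to Machine 1, verify them, reload nginx.
# Hostnames, SSH user and directories below are assumptions for illustration.
set -eu

SITE_NAME=${SITE_NAME:-stream.saltmedia.online}
# certbot's live directory on Machine 2 (assumed default certbot layout)
REMOTE_CERT_HOST=${REMOTE_CERT_HOST:-root@10.10.0.5}
REMOTE_CERT_DIR=${REMOTE_CERT_DIR:-/etc/letsencrypt/live/$SITE_NAME}
# where Machine 1's nginx server block points ssl_certificate(_key) (assumed)
LOCAL_CERT_DIR=${LOCAL_CERT_DIR:-/etc/nginx/ssl/$SITE_NAME}

# The public key embedded in the certificate must equal the public key derived
# from the private key; otherwise nginx refuses to load the pair.
cert_key_match() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Exact or single-label wildcard match against the certificate's
# subjectAltName DNS entries. Clients ignore the CN, so only the SAN list
# counts; this is the check behind curl's "subjectAltName does not match".
cert_covers_name() {
  cert=$1
  name=$2
  sans=$(openssl x509 -in "$cert" -noout -text 2>/dev/null \
    | grep -A1 'Subject Alternative Name' | tail -n 1 \
    | tr ',' '\n' | sed -n 's/^[[:space:]]*DNS://p')
  for san in $sans; do
    if [ "$san" = "$name" ]; then
      return 0
    fi
    case "$san" in
      \*.*)
        # *.example.com covers host.example.com but not a.b.example.com
        if [ "${name#*.}" = "${san#\*.}" ] && [ "${name%%.*}" != "$name" ]; then
          return 0
        fi
        ;;
    esac
  done
  return 1
}

# Copy, verify, install, reload. Runs only when invoked as "<script> deploy",
# so the two checks above can be exercised without network access.
deploy_certs() {
  mkdir -p "$LOCAL_CERT_DIR"
  tmp=$(mktemp -d)
  for f in fullchain.pem privkey.pem; do
    # -L dereferences certbot's live/ symlinks so real files arrive
    rsync -aL -e ssh "$REMOTE_CERT_HOST:$REMOTE_CERT_DIR/$f" "$tmp/$f"
  done
  cert_key_match "$tmp/fullchain.pem" "$tmp/privkey.pem" \
    || { echo "certificate and key do not match" >&2; rm -rf "$tmp"; return 1; }
  cert_covers_name "$tmp/fullchain.pem" "$SITE_NAME" \
    || { echo "certificate does not cover $SITE_NAME" >&2; rm -rf "$tmp"; return 1; }
  # Private key readable only by root; nginx reads it before dropping privileges.
  chmod 600 "$tmp/privkey.pem"
  chmod 644 "$tmp/fullchain.pem"
  mv "$tmp/fullchain.pem" "$tmp/privkey.pem" "$LOCAL_CERT_DIR/"
  rmdir "$tmp"
  # Never reload a broken configuration.
  nginx -t && nginx -s reload
}

case "${1:-}" in
  deploy) deploy_certs ;;
esac
```

For this to matter, the server block for stream.saltmedia.online on Machine 1 has to terminate TLS itself: `listen 10.10.0.100:443 ssl;` together with `ssl_certificate /etc/nginx/ssl/stream.saltmedia.online/fullchain.pem;` and `ssl_certificate_key /etc/nginx/ssl/stream.saltmedia.online/privkey.pem;` (paths as assumed above), with the backend still reached over plain HTTP through `@fallback`. A cron entry on Machine 1 such as `17 3 * * * /usr/local/sbin/sync-stream-cert.sh deploy` (hypothetical path) keeps the copy current; alternatively certbot on Machine 2 can push the files from a `--deploy-hook`, which runs only when a certificate was actually renewed.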
