Connection wizards fails behind Reverse Proxy

Hi, I have had NC18.0.14 running happily on a RPi for months. I set it up with https and a LetsEncrypt certificate using mydomain .net FQDN with port forwarding through my router. I connected various clients - phone, PC - all worked fine.

I recently decided to set up a reverse proxy server - using NGINX on another RPi with the NC server running behind it. This now works and I can access the NC server through (Note the nc it is set up as a wildcard FQDN.) This required me to set up another LetsEncrypt certificate this time for on the reverse proxy server.

So I can access NC through the reverse proxy fine. What I cannot do is connect clients, either phone or PCs.

When I start the wizard(s) I enter the address. It then asks me to Connect to my account to grant access from the new device. All normal so far. What then happens is I get a certificate warning ‘The identity of the server could not be verified - the url does not match the host name on the certificate - do you want to trust it anyway?’ The certificate is the one from the NC server for

How should I fix this? Do I need to copy the certificates from the proxy server to the NC server? I don’t want to do anything to increase vulnerability.