Ok, your last warning made me rather try the SSL config from the howto on running other websites on the same machine as Discourse.
I have a partial success: when I enter the old http domain, it routes me to the https site and shows the correct certificate. But there is no discourse, only a bad gateway (502).
Also, I had to stop apache2 for enabling the new nginx config, probably because apache2 was still listening on port 443. So now I assume I have to change the port in the in the apache config that listens to SSL to another port, to which nginx needs to forward requests to subfolders it cannot find. How do I configure nginx to do this?
EDIT: Reading through the SSL tutorial again reminded me I needed to add the “templates/web.ssl.template.yml” which I deleted before. Rebuilding took for ever, because “Generating DH parameters” - but in the end, still the same result (bad gateway). I bet I missed to enable SSL in some config file…