Snap-proxy wildcard cert issues

We’re running into issues using a wildcard cert with snap-proxy:

root@ubuntu:~# snap-proxy status
Store ID: { store id }
Status: pending # note that this is no longer pending
Connected Devices (updated daily): 0
Device Limit: None
Internal Service Status:
  memcached: running
  nginx: not running: [Errno -2] Name or service not known
  snapauth: running
  snapdevicegw: running
  snapdevicegw-local: running
  snapproxy: running
  snaprevs: running
root@ubuntu:~#

nginx fails to load with [Errno -2] Name or service not known. It doesn’t look like snap-proxy exposes nginx logs anywhere obvious that I can tell, but taking a guess, I think it’s an issue with the proxy.domain variable. Looking at /snap/snap-store-proxy/current/templates/nginx.conf, I see the following line:

server_name {{ cfg['proxy.domain'] }};

We use a wildcard cert for our domain, and the snap-proxy host is something like ubuntu.domain.com. However, when I specify ubuntu.domain.com as the proxy.domain, I get the following error:

root@ubuntu:~# snap-proxy config proxy.domain="ubuntu.domain.com" 
proxy.domain: ubuntu.domain.com
root@ubuntu~# cat cert key | snap-proxy import-certificate
ubuntu.domain.com domain not supported by this TLS certificate
root@ubuntu:~# 

When I use domain.com, it succeeds

root@ubuntu:~# sudo snap-proxy config proxy.domain="domain.com" 
proxy.domain: domain.com
root@ubuntu:~# cat cert key | snap-proxy import-certificate
TLS certificate for domain.com configured.
root@ubuntu:~# 

But the snap-proxy host isn’t domain.com, it’s ubuntu.domain.com, which (I believe) causes the nginx error. Is there a workaround for this?

As a side note, after changing proxy.domain to ubuntu.domain.com to get a working proxy (albeit without SSL), I can’t remove the cert I added, either by running snap-proxy remove-ca-certs or by trying to manually set proxy.tls.cert (which `snap-proxy config shows is set to the wildcard cert I set earlier):

root@ubuntu:~# snap-proxy remove-ca-certs
error: Could not remove /var/snap/snap-store-proxy/common/ca-certificates.crt
root@ubuntu:~# systemctl restart snapd
root@ubuntu:~# snap-proxy status
Store ID: { id }
Status: approved
Connected Devices (updated daily): 0
Device Limit: 150
Internal Service Status:
  memcached: running
  nginx: not running: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]
  snapauth: running
  snapdevicegw: running
  snapdevicegw-local: running
  snapproxy: running
  snaprevs: running
root@ubuntu:~# # snap-proxy config shows proxy.tls.cert as the cert I set earlier
root@ubuntu:~# snap-proxy config proxy.tls.cert=""
no TLS certificate data
root@ubuntu:~# snap-proxy config proxy.tls.cert=
no TLS certificate data
root@ubuntu:~# snap-proxy config proxy.tls.cert="foo"
could not parse TLS certificate (PEM format)
root@ubuntu:~#

Bumping this topic as we never got a resolution