Você precisa dividir vhosts da parte ssl listening / configuration:
Parte de escuta:
server {
listen 127.0.0.1:443 default_server ssl;
server_name _;
ssl_certificate /etc/ssl/wildcard.cer;
ssl_certificate_key /etc/ssl/wildcard.key;
}
E agora vhosts:
server {
listen 127.0.0.1:443;
server_name a.example.com;
root /data/httpd/a.example.com;
}
server {
listen 127.0.0.1:443;
server_name b.example.com;
root /data/httpd/b.example.com;
}