Actual web URLs redacted

My issue is that I am trying to point my site with host mail (mail.example.com) to Google Apps.

I have a CNAME record for mail.example.com pointing to ghs.googlehosted.com. and the Google Apps admin panel shows the website is properly connected. It used to all work before I configured SSL with certbot.

This is my nginx config:

server {
    listen 80;
    listen [::]:80;

    server_name example.com www.example.com; # actual URL names redacted
    root /var/www/ghost/system/nginx-root;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:2368;

    }

    location ~ /.well-known {
        allow all;
    }

    client_max_body_size 50m;

    # Redirect non-https traffic to https
    # if ($scheme != "https") {
    #     return 301 https://$host$request_uri;
    # } # managed by Certbot

    listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
}