All your DH shares don't match the certificate type already because you use ECDH with either NIST P-256 or X25519 and you likely use an RSA certificate.
The two asymmetric systems (one for key exchange and one for authentication) have nothing to do with each other, you can mix and match them freely (e.g. post-quantum key exchange experiments ran by google and cloudflare).
The two asymmetric systems (one for key exchange and one for authentication) have nothing to do with each other, you can mix and match them freely (e.g. post-quantum key exchange experiments ran by google and cloudflare).
The nginx config to specify the curve (using its openssl name) is this: https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_...