Anyone familiar with this NGINX error?

aug. 03 20:49:52 nas-2024 systemd[1]: nginx.service: Scheduled restart job, restart counter is at 4.
aug. 03 20:49:52 nas-2024 systemd[1]: Starting Nginx Web Server...
aug. 03 20:49:52 nas-2024 nginx-pre-start[2806389]: nginx: [emerg] cannot load certificate "/persist/var/lib/tailscale/certs/cert.pem": BIO_new_file() failed (SSL: error:8000000D:system library::Permission denied:calling fopen(/persist/var/lib/tailscale/certs/cert.pem, r) error:10080002:BIO routines::system lib)
aug. 03 20:49:52 nas-2024 nginx-pre-start[2806389]: nginx: configuration file /nix/store/s4f1q4wpfzq07rlp1pkbcavzrgn31lyi-nginx.conf test failed
aug. 03 20:49:52 nas-2024 systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE
aug. 03 20:49:52 nas-2024 systemd[1]: nginx.service: Failed with result 'exit-code'.
aug. 03 20:49:52 nas-2024 systemd[1]: Failed to start Nginx Web Server.

I'm trying to start services.immich w/SSL corts through my services.tailscale, as illustrated in this paste: https://paste.sr.ht/~x10an14/6dc6db515a8695a3a7722b86ff26f2a6aa171af8

I've tried:

1. Copying certs manually into path
2. Chowning them from root to nginx ownership
3. Testet the nginx config file in online browser validators (it passes)
4. Searchin after the error online (can't really find anything w/mention of tailscale, only SELinux/AppArmor really, neither in use on this machine)