Tunnels NGINX 403 error on HTTPS routing

Hello, since I have problems with opening ports on my system I wanted to use Cloudflare Tunnels for the first time to keep at least a few pages like my API and website open.
So I made the following changes to my config.yaml:

tunnel: 0b89bbde-bf0f-455a-9cda-19b7664d77bf
credentials-file: /root/.cloudflared/0b89bbde-bf0f-455a-9cda-19b7664d77bf.json
ingress:
  - hostname: [sub].[domain].[tld]
    service: https://[sub].[domain].[tld]:443
    noTLSVerify: false/true
    caPool: /home/[domain]/api/ssl/ca.pem
    originServerName: [sub].[domain].[tld]
    http2Origin: true
  - hostname: [domain].[tld]
    service: https://localhost:[port]
  - service: http_status:404
no-tcp-delay: true
noTLSVerify: false
http2Origin: true
warp-routing:
  enabled: true

and in /etc/hosts is the following:

[Server IP]       [server host]    [sub].[domain].[tld]   [domain].[tld]

and my NGINX config looks like this (much removed):

upstream backend {
    server localhost:[portMain] fail_timeout=5s max_fails=3;
    server localhost:[portSecondary] backup;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_certificate         /home/[domain]/api/ssl/cert.pem;
    ssl_certificate_key     /home/[domain]/[domain]/ssl/key.pem;
    ssl_verify_client off;
#    ssl_client_certificate /home/[domain]/api/ssl/ca.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:[ApiFramework]App:10m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    ssl_ecdh_curve prime256v1:secp384r1;
#    ssl_stapling on;
#    ssl_stapling_verify on;
#    ssl_trusted_certificate /home/[domain]/api/ssl/cert.pem;
#    ssl_early_data on;
    server_name [sub].[domain].[tld];
    resolver 1.1.1.1;
    [some headers]
    location / {
        if ($ssl_client_verify != SUCCESS) {
          return 403;
        }
        tcp_nopush on;
        tcp_nodelay on;
        default_type application/json;
#        proxy_cache my_cache;
        proxy_cache_valid 200 302 10m;
        proxy_cache_valid 404 1m;
        proxy_ignore_headers X-Accel-Expires Expires Cache-Control;
        proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
        proxy_cache_background_update on;
        proxy_cache_lock on;
        proxy_cache_lock_timeout 5s;
        proxy_buffers 256 4k;
        proxy_busy_buffers_size 64k;
        proxy_cache_revalidate on;
        proxy_pass https://backend;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_cache_bypass $http_upgrade;
        [some proxy headers]

    }
}

Now I have the problem that every time I visit the site I get the “403 Forbidden” error from NGINX, and if I enable the client certificate then I get the issue that the browser doesn't send a certificate. The same thing happens if I enable and disable noTLSVerify, and if I set the originPoolName and the service to something different I get the issue that the certificate is issued to a different domain or is invalid.

I hope that’s enough information to help me, thanks!
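
Added example, not part of the original post: with `ssl_verify_client off` NGINX never requests a client certificate, so `$ssl_client_verify` is `NONE` and the `if` in `location /` returns 403 for every request. The Python check below flags that combination in a config; the sample config is constructed from the post's server block with the placeholder name `api.example.test`, and the function names are hypothetical.

```python
import re

# Constructed sample: the TLS-relevant lines of the server block from the post,
# with the [sub].[domain].[tld] placeholder replaced by api.example.test.
SAMPLE = """
server {
    listen 443 ssl http2;
    server_name api.example.test;
    ssl_verify_client off;
#    ssl_client_certificate /etc/nginx/ca.pem;
    location / {
        if ($ssl_client_verify != SUCCESS) {
            return 403;
        }
        proxy_pass https://backend;
    }
}
"""

def strip_comments(conf):
    # Assumption: no '#' inside quoted strings (true for the sample).
    return "\n".join(line.split("#", 1)[0] for line in conf.splitlines())

def server_blocks(conf):
    """Yield the body of each `server { ... }` block by brace matching."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def audit(conf):
    """Return (server_name, finding) pairs for client-cert gates that can never pass."""
    findings = []
    for body in server_blocks(strip_comments(conf)):
        name = re.search(r"\bserver_name\s+([^;]+);", body)
        mode = re.search(r"\bssl_verify_client\s+(\w+)\s*;", body)
        mode = mode.group(1) if mode else "off"  # NGINX default is off
        gate = re.search(r'if\s*\(\s*\$ssl_client_verify\s*!=\s*"?SUCCESS"?\s*\)', body)
        if gate and mode == "off":
            label = name.group(1).strip() if name else "(unnamed)"
            findings.append((label, "gate-always-403"))
    return findings

if __name__ == "__main__":
    for server, finding in audit(SAMPLE):
        print(f"{server}: {finding}")
```

The check only looks inside each `server` block, so an `ssl_verify_client` setting inherited from the `http` level is not seen.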