I have nginx set to serve several sites using subdomains. I set the first one to use ssl as follows:
ssl on;
ssl_certificate /etc/nginx/certs/subdomain1.domain.crt;
ssl_certificate_key /etc/nginx/certs/subdomain1.domain.key;
This works well whenever connecting to https://subdomain1.domain.tld. However, defining an analogous specification for another subdomain to use ssl makes nginx always serve subdomain1.domain.crt to the user, rather than the appropriate certificate...
Server Name Indication (SNI) is enabled in nginx, and I double-checked the certificate paths. What could be the problem?
For reference, I checked the tutorial described in [1], and it indeed follows my setup.
The full nginx configuration files follow:
server {
    listen 80;
    server_name subdomain1.domain.tld;
    return 301 https://$server_name$request_uri;
}

server {
    listen subdomain1.domain.tld:443;
    server_name subdomain1.domain.tld;

    ssl on;
    ssl_certificate /etc/nginx/certs/subdomain1.domain.tld.crt;
    ssl_certificate_key /etc/nginx/certs/subdomain1.domain.tld.key;

    root /usr/share/nginx/www/subdomain1.domain.tld;
    index index.php index.html index.htm;

    location ~ \.php$ {
        fastcgi_pass unix:/etc/php5/fpm/socks/ssl_subdomain1.domain.tld.sock;
        include fastcgi_params;
        fastcgi_param HTTPS on;
    }

    location ~ /\. {
        deny all;
    }

    access_log /home/clients_ssl/subdomain1.domain.tld/logs/access.log;
    error_log /home/clients_ssl/subdomain1.domain.tld/logs/error.log;
    error_page 404 /404.html;
}
and the other one is actually serving gitlab:
upstream gitlab {
    server unix:/home/git/gitlab/tmp/sockets/gitlab.socket;
}

server {
    listen 443;
    server_name gitlab.domain.tld;
    server_tokens off; # don't show the version number, a security best practice

    root /home/git/gitlab/public;

    ssl on;
    ssl_certificate /etc/nginx/certs/gitlab.domain.tld.crt;
    ssl_certificate_key /etc/nginx/certs/gitlab.domain.tld.key;

    # individual nginx logs for this gitlab vhost
    access_log /var/log/nginx/gitlab_access.log;
    error_log /var/log/nginx/gitlab_error.log;

    location / {
        # serve static files from the defined root folder;
        # @gitlab is a named location for the upstream fallback, see below
        try_files $uri $uri/index.html $uri.html @gitlab;
    }

    # if a file which is not found in the root folder is requested,
    # then proxy the request to the upstream (gitlab unicorn)
    location @gitlab {
        proxy_read_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
        proxy_connect_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
        proxy_redirect off;

        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;

        proxy_pass http://gitlab;
    }
}
further, my nginx.conf is rather standard:
user www-data;
worker_processes 4;
pid /var/run/nginx.pid;

events {
    worker_connections 768;
    # multi_accept on;
}

http {
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;
    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    gzip on;
    gzip_disable "msie6";

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
Following advice given on #nginx @ freenode, I simply changed
listen subdomain1.domain.tld:443;
to
listen 443 ssl;
and now it works.
Hope it helps!
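Why that one-line change fixes it, as an added illustration that is not part of the question or the answer above: nginx matches an incoming connection to a server block by the address and port of the listen directive first, and only then, among the blocks sharing that socket, by server_name (from the SNI name for TLS). `listen subdomain1.domain.tld:443;` makes nginx resolve the hostname to one IP and bind a socket on that specific address, while the gitlab block's `listen 443;` binds the wildcard `*:443`. A connection to that IP is delivered to the more specific socket, which has exactly one server block attached, so the SNI name is never consulted and subdomain1's certificate is always served. With both blocks on `listen 443 ssl;` they share one socket and name-based selection works. The script below is an added example (my own code, not nginx's tooling) that parses a vhost fragment and flags exactly that condition; the two embedded configs are constructed to mirror the question's setup with hypothetical names. It also flags `ssl on;`, which the answer keeps: that directive is obsolete since nginx 1.15.0 in favour of the `ssl` parameter of `listen`.

```python
"""Check nginx vhosts for the SNI pitfall: TLS server blocks that land on
different listening sockets, so name-based selection never runs."""
import re
from collections import defaultdict

# Constructed excerpts (hypothetical names) mirroring the question's two vhosts
# before and after the fix; not the original configuration files.
BROKEN_CONF = """
server {
    listen subdomain1.domain.tld:443;   # resolves to one IP -> its own socket
    server_name subdomain1.domain.tld;
    ssl on;
}
server {
    listen 443;                         # wildcard *:443 -> a different socket
    server_name gitlab.domain.tld;
    ssl on;
}
"""
FIXED_CONF = """
server { listen 443 ssl; server_name subdomain1.domain.tld; }
server { listen 443 ssl; server_name gitlab.domain.tld; }
"""

def tokenize(text):
    """Split config text into tokens; '#' comments run to end of line."""
    return re.findall(r"[{};]|[^\s{};]+", re.sub(r"#[^\n]*", "", text))

def parse(tokens):
    """Nested list of (name, args, children); children is None for directives."""
    pos = 0
    def block():
        nonlocal pos
        out = []
        while pos < len(tokens) and tokens[pos] != "}":
            args = []
            while pos < len(tokens) and tokens[pos] not in ("{", ";"):
                args.append(tokens[pos])
                pos += 1
            if pos >= len(tokens) or not args:
                raise ValueError("malformed directive near token %d" % pos)
            if tokens[pos] == ";":
                pos += 1
                out.append((args[0], args[1:], None))
            else:                             # '{': recurse, then skip the '}'
                pos += 1
                out.append((args[0], args[1:], block()))
                pos += 1
        return out
    return block()

def server_blocks(directives):
    """Yield the directive list of every server {} block, at any depth."""
    for name, _args, children in directives:
        if children is not None:
            yield from ([children] if name == "server" else server_blocks(children))

def parse_listen(args):
    """Return (address, port, has_ssl_param) for a listen directive (IPv4/host forms)."""
    target, params = args[0], args[1:]
    if target.isdigit():                      # listen 443;
        addr, port = "*", target
    elif ":" in target:                       # listen 1.2.3.4:443; / listen host:443;
        addr, _, port = target.rpartition(":")
    else:                                     # listen 1.2.3.4; / listen host;  (port 80)
        addr, port = target, "80"
    return addr, port, "ssl" in params

def analyse(conf_text):
    """Return findings for the TLS-serving server blocks in conf_text."""
    findings, tls_addrs = [], defaultdict(set)      # port -> listen addresses
    for srv in server_blocks(parse(tokenize(conf_text))):
        label = " ".join(next((a for n, a, _ in srv if n == "server_name"), ["?"]))
        ssl_on = any(n == "ssl" and a == ["on"] for n, a, _ in srv)
        if ssl_on:
            findings.append(f"{label}: 'ssl on;' is obsolete since nginx 1.15.0; "
                            "use the ssl parameter of listen instead")
        for n, a, c in srv:
            if n != "listen" or c is not None:
                continue
            addr, port, ssl_param = parse_listen(a)
            if not (ssl_param or ssl_on):
                continue                              # plain-HTTP listener
            if addr != "*" and not re.fullmatch(r"[\d.]+", addr):
                findings.append(f"{label}: listen address '{addr}' is a hostname; nginx "
                                f"resolves it and binds its own socket on port {port}")
            tls_addrs[port].add(addr)
    for port, addrs in tls_addrs.items():
        if len(addrs) > 1:
            findings.append(f"port {port}: TLS servers listen on different addresses "
                            f"{sorted(addrs)}; a connection is matched by address before "
                            "server_name, so SNI cannot select among them")
    return findings

if __name__ == "__main__":
    for title, conf in (("broken", BROKEN_CONF), ("fixed", FIXED_CONF)):
        print(f"== {title} ==", *(analyse(conf) or ["no findings"]), sep="\n - ")
```

Run it as-is to see the four findings for the broken layout and none for the fixed one. To confirm on a live server which certificate each SNI name gets, point a client at the same IP with different names, e.g. `openssl s_client -connect <ip>:443 -servername gitlab.domain.tld </dev/null 2>/dev/null | openssl x509 -noout -subject`, and repeat with `-servername subdomain1.domain.tld`; with both vhosts on `listen 443 ssl;` the subject should change with the name.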