diff --git a/certbot-nginx/tests/boulder-integration.conf.sh b/certbot-nginx/tests/boulder-integration.conf.sh
index c38180698..4374f9094 100755
--- a/certbot-nginx/tests/boulder-integration.conf.sh
+++ b/certbot-nginx/tests/boulder-integration.conf.sh
@@ -49,9 +49,9 @@ http {
 
   server {
     # IPv4.
-    listen 5002;
+    listen 5002 $default_server;
     # IPv6.
-    listen [::]:5002 default ipv6only=on;
+    listen [::]:5002 $default_server;
     server_name nginx.wtf nginx2.wtf;
 
     root $root/webroot;
@@ -62,5 +62,36 @@ http {
       try_files \$uri \$uri/ /index.html;
     }
   }
+
+  server {
+    listen 5002;
+    listen [::]:5002;
+    server_name nginx3.wtf;
+
+    root $root/webroot;
+
+    location /.well-known/ {
+      return 404;
+    }
+
+    return 301 https://\$host\$request_uri;
+  }
+
+  server {
+    listen 8082;
+    listen [::]:8082;
+    server_name nginx4.wtf nginx5.wtf;
+  }
+
+  server {
+    listen 5002;
+    listen [::]:5002;
+    listen 5001 ssl;
+    listen [::]:5001 ssl;
+    if (\$scheme != "https") {
+      return 301 https://\$host\$request_uri;
+    }
+    server_name nginx6.wtf nginx7.wtf;
+  }
 }
 EOF
diff --git a/certbot-nginx/tests/boulder-integration.sh b/certbot-nginx/tests/boulder-integration.sh
index f236fb103..d6bd767ce 100755
--- a/certbot-nginx/tests/boulder-integration.sh
+++ b/certbot-nginx/tests/boulder-integration.sh
@@ -1,4 +1,4 @@
-#!/bin/sh -xe
+#!/bin/bash -xe
 # prerequisite: apt-get install --no-install-recommends nginx-light openssl
 
 . ./tests/integration/_common.sh
@@ -6,13 +6,15 @@
 export PATH="/usr/sbin:$PATH"  # /usr/sbin/nginx
 nginx_root="$root/nginx"
 mkdir $nginx_root
-original=$(root="$nginx_root" ./certbot-nginx/tests/boulder-integration.conf.sh)
-nginx_conf="$nginx_root/nginx.conf"
-echo "$original" > $nginx_conf
 
+reload_nginx () {
+    original=$(root="$nginx_root" ./certbot-nginx/tests/boulder-integration.conf.sh)
+    nginx_conf="$nginx_root/nginx.conf"
+    echo "$original" > $nginx_conf
 
-killall nginx || true
-nginx -c $nginx_root/nginx.conf
+    killall nginx || true
+    nginx -c $nginx_root/nginx.conf
+}
 
 certbot_test_nginx () {
     certbot_test \
@@ -32,10 +34,30 @@ test_deployment_and_rollback() {
     diff -q <(echo "$original") $nginx_conf
 }
 
+export default_server="default_server"
+reload_nginx
 certbot_test_nginx --domains nginx.wtf run
 test_deployment_and_rollback nginx.wtf
 certbot_test_nginx --domains nginx2.wtf --preferred-challenges http
 test_deployment_and_rollback nginx2.wtf
+# Overlapping location block and server-block-level return 301
+certbot_test_nginx --domains nginx3.wtf --preferred-challenges http
+test_deployment_and_rollback nginx3.wtf
+# No matching server block; default_server exists
+certbot_test_nginx --domains nginx4.wtf --preferred-challenges http
+test_deployment_and_rollback nginx4.wtf
+# No matching server block; default_server does not exist
+export default_server=""
+reload_nginx
+if nginx -c $nginx_root/nginx.conf -T 2>/dev/null | grep "default_server"; then
+    echo "Failed to remove default_server"
+    exit 1
+fi
+certbot_test_nginx --domains nginx5.wtf --preferred-challenges http
+test_deployment_and_rollback nginx5.wtf
+# Mutiple domains, mix of matching and not
+certbot_test_nginx --domains nginx6.wtf,nginx7.wtf --preferred-challenges http
+test_deployment_and_rollback nginx6.wtf
 
 # note: not reached if anything above fails, hence "killall" at the
 # top