I'm running nginx 1.6 on a Debian squeeze machine. For almost 20 years I've had mail.blah.net hosting my own webmail using SSL. Here's its config file:
server {
    listen 80;
    server_name mail.blah.net;
    location / {
        if ($http_host ~ "^mail\.blah\.net") {
            rewrite ^(.*)$ https://mail.blah.net/$1 redirect;
        }
        rewrite ^(.*)$ https://mail.blah.net/ redirect;
    }
}

server {
    listen 443 ssl;
    server_name mail.blah.net mail.blah.nl "";
    root /usr/share/squirrelmail;
    ssl on;
    ssl_certificate /etc/nginx/ssl-unified.crt;
    ssl_certificate_key /etc/nginx/ssl.key;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_dhparam /etc/nginx/dhparam_4096.pem;
    location / {
        autoindex on;
        autoindex_exact_size on;
        autoindex_localtime on;
    }
    location ~ ^/(.+\.php)$ {
        try_files $uri =404;
        fastcgi_pass unix:/tmp/php-fpm.sock;
        fastcgi_param HTTPS on;
        fastcgi_index index.php;
        include /etc/nginx/fastcgi_params;
    }
    location ~* ^.+\.(jpeg|jpg|gif|css|png|js|ico|html|xml|txt)$ {
        access_log off;
        expires max;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }
    add_header Strict-Transport-Security "max-age=16070400; includeSubdomains";
    location = /robots.txt { access_log off; log_not_found off; }
    location = /favicon.ico { access_log off; log_not_found off; }
    location ~ /\.ht { access_log off; log_not_found off; deny all; }
    location ~ ~$ { access_log off; log_not_found off; deny all; }
    location ~ \.(yml|db)$ { return 410; }
    location /webmail { rewrite ^/* / last; }
    access_log /var/log/nginx/mail.access.log gzip buffer=32k;
    error_log /var/log/nginx/mail.error.log notice;
}
Now I'd like to run the entire domain blah.net, i.e. all subdomains and the bare domain, over SSL: https://*.blah.net
Since the domain has enjoyed a lot of config quirks over the years, it turns out not to be as easy to switch to SSL everywhere as I thought. Here's the current config that could apply:
server {
    listen 80 default_server;
    server_name _;
    return 301 http://blah.net$request_uri;
}

server {
    server_name www.blah.net;
    return 301 $scheme://blah.net$request_uri;
}

server {
    listen 80;
    server_name blah.net "" 91.228.53.46;
    root /w/blah;
    try_files $uri $uri/ $uri/index.html $uri.htm $uri.html;
    autoindex on;
    autoindex_exact_size on;
    autoindex_localtime on;
    access_log /var/log/nginx/blah.net.access.log gzip buffer=32k;
    error_log /var/log/nginx/blah.net.error.log notice;
    add_header Strict-Transport-Security "max-age=16070400; includeSubdomains";
    location = /robots.txt { access_log off; log_not_found off; }
    location = /favicon.ico { access_log off; log_not_found off; }
    location ~ /\.ht { access_log off; log_not_found off; deny all; }
    location ~ ~$ { access_log off; log_not_found off; deny all; }
    location ~ \.(yml|db)$ { return 410; }
    # serve static files directly
    location ~* ^.+\.(jpeg|jpg|gif|css|png|js|ico|html|xml|txt)$ {
        access_log off;
        expires max;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }
    # php5-fpm ready
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/tmp/php-fpm.sock;
        fastcgi_index index.php;
        include /etc/nginx/fastcgi_params;
    }
    location /mail { rewrite ^(.*)$ https://mail.blah.net redirect; }
    location /webmail { rewrite ^(.*)$ https://mail.blah.net redirect; }
}

server {
    server_name www.blah.nl;
    return 301 $scheme://blah.nl$request_uri;
}

server {
    listen 80;
    server_name blah.nl;
    root /w/blah;
    try_files $uri $uri/ $uri/index.html $uri.htm $uri.html;
    include /etc/nginx/security;
    autoindex on;
    autoindex_exact_size on;
    autoindex_localtime on;
    access_log /var/log/nginx/blah.access.log gzip buffer=32k;
    error_log /var/log/nginx/blah.error.log notice;
    # serve static files directly
    location ~* ^.+\.(jpeg|jpg|gif|css|png|js|ico|html|xml|txt)$ {
        access_log off;
        expires max;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/tmp/php-fpm.sock;
        fastcgi_index index.php;
        include /etc/nginx/fastcgi_params;
    }
}

server {
    listen 80;
    server_name secure.blah.nl;
    location ^~ / {
        root /w/x;
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/htpass;
        include /etc/nginx/security;
        autoindex on;
        autoindex_exact_size on;
        autoindex_localtime on;
        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_pass unix:/tmp/php-fpm.sock;
            fastcgi_index index.php;
            include /etc/nginx/fastcgi_params;
        }
    }
    access_log /var/log/nginx/secure.access.log gzip buffer=32k;
    error_log /var/log/nginx/secure.error.log notice;
    # serve static files directly
    location ~* ^.+\.(jpeg|jpg|gif|css|png|js|ico|html|xml|txt)$ {
        access_log off;
        expires max;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }
}
The main issue causing trouble is that I used to redirect all SSL requests to use mail.blah.net. If I try to change all to SSL I still get redirected to the mail doc-root. Could someone experienced in nginx help me out a little and see where that was once set to do so?
Also, I want *.blah.nl to change to *.blah.net everywhere, since I only have one domain with a valid SSL cert.
And everything else that might seem out of whack for SSL everywhere is welcome to be corrected.
Thanks in advance!
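Below is an added example, not the poster's configuration, of how the same server blocks can be rearranged for HTTPS on every blah.net name. It is built only from the names, paths and settings that appear in the question; the one thing it assumes is that /etc/nginx/ssl-unified.crt is valid for blah.net, www.blah.net, mail.blah.net and secure.blah.net (a wildcard or SAN certificate), because a certificate issued for mail.blah.net alone would fail for the other hosts. Two details of the question's config explain the symptom it describes. First, the squirrelmail block is the only server that listens on 443, so nginx uses it as the implicit default for every HTTPS request regardless of the Host header, and its server_name also lists "" (the no-Host-header case); an explicit default_server on 443 for the bare domain removes that. Second, the Strict-Transport-Security header that the plain-HTTP blah.net block emits does nothing, since browsers only honour HSTS received over HTTPS, so the header belongs in the 443 servers. The ssl_ciphers value is also reduced to a single OpenSSL cipher string: "or" is not cipher-list syntax.

```nginx
# Added example, not the poster's configuration: an "HTTPS everywhere" layout
# for blah.net on nginx 1.6, built from the blocks in the question. Place it in
# the http context. ASSUMPTION: /etc/nginx/ssl-unified.crt is valid for
# blah.net, www.blah.net, mail.blah.net and secure.blah.net.

# Shared TLS settings: ssl_* directives may live in the http context, so every
# "listen 443 ssl" server below inherits them ("ssl on;" is then not needed).
ssl_certificate           /etc/nginx/ssl-unified.crt;
ssl_certificate_key       /etc/nginx/ssl.key;
ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;      # SSLv3 dropped
ssl_prefer_server_ciphers on;
ssl_ciphers               "HIGH:!aNULL:!MD5:!3DES";   # one cipher string, no "or"
ssl_dhparam               /etc/nginx/dhparam_4096.pem;
ssl_session_cache         shared:SSL:10m;
ssl_session_timeout       10m;

# Port 80 only redirects; nothing is served in the clear.
server {
    listen 80;
    server_name blah.net *.blah.net;
    return 301 https://$host$request_uri;   # $host can only be a name matched above
}
server {
    listen 80;
    server_name blah.nl www.blah.nl;
    return 301 https://blah.net$request_uri;   # .nl names fold into .net
}
server {
    listen 80;
    server_name secure.blah.nl;
    return 301 https://secure.blah.net$request_uri;
}
server {
    listen 80 default_server;   # unknown Host header or the bare IP
    server_name _;
    return 301 https://blah.net$request_uri;
}

# Port 443. The bare domain is the explicit default_server, so an HTTPS request
# for a name without its own block (or without SNI) lands here, not in webmail.
server {
    listen 443 ssl default_server;
    server_name blah.net;
    root /w/blah;
    try_files $uri $uri/ $uri/index.html $uri.htm $uri.html;
    include /etc/nginx/security;
    add_header Strict-Transport-Security "max-age=16070400; includeSubdomains";
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/tmp/php-fpm.sock;
        fastcgi_param HTTPS on;   # PHP then reports the request as HTTPS
        fastcgi_index index.php;
        include /etc/nginx/fastcgi_params;
    }
    location ~* \.(jpeg|jpg|gif|css|png|js|ico|html|xml|txt)$ {
        access_log off;
        expires max;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
        # add_header in a location replaces the server-level set, so HSTS must
        # be repeated here or static responses go out without it.
        add_header Strict-Transport-Security "max-age=16070400; includeSubdomains";
    }
    location /mail    { return 302 https://mail.blah.net/; }
    location /webmail { return 302 https://mail.blah.net/; }
}
server {
    listen 443 ssl;
    server_name www.blah.net;
    return 301 https://blah.net$request_uri;
}
server {
    listen 443 ssl;
    server_name mail.blah.net;   # mail.blah.nl (no certificate) and "" removed
    root /usr/share/squirrelmail;
    index index.php;
    add_header Strict-Transport-Security "max-age=16070400; includeSubdomains";
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/tmp/php-fpm.sock;
        fastcgi_param HTTPS on;
        fastcgi_index index.php;
        include /etc/nginx/fastcgi_params;
    }
    location /webmail { rewrite ^ / last; }
}
server {
    listen 443 ssl;
    server_name secure.blah.net;   # was secure.blah.nl
    root /w/x;
    auth_basic "Restricted";   # Basic credentials now only ever travel inside TLS
    auth_basic_user_file /etc/nginx/htpass;
    include /etc/nginx/security;
    add_header Strict-Transport-Security "max-age=16070400; includeSubdomains";
    location ~ \.php$ { try_files $uri =404; fastcgi_pass unix:/tmp/php-fpm.sock;
                        fastcgi_param HTTPS on; include /etc/nginx/fastcgi_params; }
}
```

The per-host access_log and error_log lines from the question were left out for brevity and go back into each server unchanged. Run `nginx -t` before reloading, then two checks are worth making on this particular box. `nginx -V` prints the OpenSSL version nginx was built against: stock squeeze ships OpenSSL 0.9.8, which cannot negotiate TLS 1.1 or 1.2, so those two ssl_protocols entries only take effect if this nginx 1.6 build came with a newer OpenSSL. And because the HSTS header carries includeSubdomains with a max-age of 16070400 seconds (186 days), a browser that has seen it on https://blah.net will refuse plain HTTP for every *.blah.net host for that long, so every subdomain must already answer correctly over HTTPS before the header goes live. From outside, `curl -sI http://mail.blah.net/x` should return a 301 whose Location is https://mail.blah.net/x, and `openssl s_client -connect blah.net:443 -servername blah.net` should present a certificate whose name matches the host.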