The story of how I spent more hours fighting with Content Security Policy configs than migrating Rails application to Digital Ocean.
TL;DR: Check your /etc/letsencrypt/options-ssl-nginx.conf file
and make sure you don’t have CSP and other security headers conflicting with Rails headers in there.