I discount this approach. It is necessary but not sufficient to pass on simple browser SSL tests. There are other complexities that are best left to the browser to negotiate the session.
The connection parameters including encryption parameters and certificate from the origin.
There are a lot of weird rules in WebPKI you may miss; this is beyond a general-purpose TLS library.
Enforcing Certificate Transparency rules or CAA records: is the proxy doing this?