As a result of the "Check for Updates" button always failing and seeing TLS related error messages, I downloaded the updated, non-self-signed certificate file (cacert.pem), reloaded the app, and then successfully used "Check for Updates" to move up to version 21.2-testing-r2333 of the app. Prior to these changes, I could access nzbget from a web browser anywhere in the world via this URL:
mydomain/nzbget
since the changes, mydomain/nzbget lands me on a 401 page.

I am using NGINX (latest version) as my domain server (registered with signed certificate) and as my reverse proxy. This permits me to access all my ARR apps with just one open port and via https. Since all of the other reverse proxy apps still work, I conclude that my conf files are correct but that something potentially needs to change regarding the nzbget section or some other setting in nzbget.

This is the nzbget reverse proxy declaration from the NGINZ conf file:

location ~ ^/nzbget($|./) {
rewrite /nzbget/(.) /$1 break;
proxy_pass http://:6789;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}