Update TLS to 1.3 on Forge managed server
I am trying to enable TLS 1.3 support on a Forge-provisioned server. I followed all the guidelines, but the Chrome security tab and SSL Labs tests still only show TLS 1.2.
Here are the steps I've taken:
1. Checked that I have sufficient versions of NGINX and SSL:
$ nginx -V
nginx version: nginx/1.15.8
built with OpenSSL 1.1.0g 2 Nov 2017 (running with OpenSSL 1.1.1d 10 Sep 2019)
TLS SNI support enabled
2. Added the protocols and ciphers to the NGINX server block, mostly as described here:
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'TLS-CHACHA20-POLY1305-SHA256:TLS-AES-256-GCM-SHA384:TLS-AES-128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384';
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparams.pem;
3. I restarted NGINX, but nothing happened:
$ sudo systemctl reload nginx
Even when I removed TLSv1.2 from the ssl_protocols directive in the server block and restarted, it still showed as 1.2. Honestly, I am running out of ideas. I tried to check the additional config directories that Forge adds in /etc/nginx/forge-conf/, but there is nothing suspicious there. Can there be any other place where the Forge server overrides the TLS version used in NGINX, or am I doing something wrong?
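As an added diagnostic for this kind of "TLSv1.3 is configured but the server keeps negotiating 1.2" situation (example code, not part of the original post or of Forge), the POSIX shell script below parses `nginx -V` output to separate the OpenSSL version the nginx binary was built against from the one it runs with, and walks `nginx -T` output to list every `ssl_protocols` directive together with the file it comes from, so included directories such as /etc/nginx/forge-conf/ are covered. The TLSv1.3 parameter only works when nginx was built against OpenSSL 1.1.1 or later (the first release that implements TLS 1.3); a binary built against 1.1.0 ignores it even when a 1.1.1 library is loaded at run time, and that is the first thing the script reports. The `nginx -V` and `nginx -T` text used in the notes below is constructed sample input; the function names (`build_openssl`, `diagnose`, and so on) are my own.

```shell
#!/bin/sh
# Added diagnostic (not from the original post): explain why nginx keeps
# negotiating TLS 1.2 although ssl_protocols lists TLSv1.3.

# OpenSSL version the nginx binary was compiled against ("built with OpenSSL X").
build_openssl() {
  printf '%s\n' "$1" | sed -n 's/.*built with OpenSSL \([0-9][0-9.]*[a-z]*\).*/\1/p' | head -n 1
}

# OpenSSL version loaded at run time ("running with OpenSSL Y"); empty when
# nginx -V prints no such clause, i.e. build and runtime versions are equal.
runtime_openssl() {
  printf '%s\n' "$1" | sed -n 's/.*running with OpenSSL \([0-9][0-9.]*[a-z]*\).*/\1/p' | head -n 1
}

# Return 0 when an OpenSSL version string (1.1.0g, 1.1.1d, 3.0.2, ...) is
# 1.1.1 or newer, which is the first OpenSSL release that implements TLS 1.3.
openssl_supports_tls13() {
  v=$(printf '%s' "$1" | sed 's/[a-z]*$//')   # drop the patch letter: 1.1.0g -> 1.1.0
  major=${v%%.*}
  rest=${v#*.}
  minor=${rest%%.*}
  patch=${rest#*.}
  [ "$major" -gt 1 ] && return 0
  [ "$major" -eq 1 ] && [ "$minor" -gt 1 ] && return 0
  [ "$major" -eq 1 ] && [ "$minor" -eq 1 ] && [ "$patch" -ge 1 ] && return 0
  return 1
}

# Print every active ssl_protocols directive from `nginx -T` output, prefixed
# with the configuration file it lives in. nginx -T announces each file with a
# "# configuration file <path>:" line; commented-out directives are skipped.
ssl_protocol_directives() {
  printf '%s\n' "$1" | awk '
    /^# configuration file / { file = $4; sub(/:$/, "", file); next }
    /^[[:space:]]*ssl_protocols[[:space:]]/ { sub(/^[[:space:]]+/, ""); print file ": " $0 }'
}

# Combine the checks: $1 is `nginx -V 2>&1` output, $2 is `nginx -T` output.
# Returns 1 when the binary itself cannot speak TLS 1.3, 2 when nginx -V could
# not be parsed, 0 otherwise (then the listed directives decide what is offered).
diagnose() {
  built=$(build_openssl "$1")
  running=$(runtime_openssl "$1")
  [ -n "$built" ] || { echo "could not parse an OpenSSL version from nginx -V output"; return 2; }
  [ -n "$running" ] || running=$built
  echo "nginx built against OpenSSL $built, running with OpenSSL $running"
  if ! openssl_supports_tls13 "$built"; then
    echo "VERDICT: TLS 1.3 support is decided at build time; a binary built against"
    echo "OpenSSL $built ignores TLSv1.3 in ssl_protocols even on a 1.1.1 runtime."
    echo "Fix: install (or build) nginx linked against OpenSSL 1.1.1 or newer."
    return 1
  fi
  echo "Binary supports TLS 1.3. ssl_protocols directives in effect (check each file):"
  ssl_protocol_directives "$2"
  return 0
}

# On the server itself: `sudo sh tls13_check.sh --live` inspects the live nginx
# (nginx -T needs permission to read the configuration and certificates).
if [ "${1:-}" = "--live" ] && command -v nginx >/dev/null 2>&1; then
  diagnose "$(nginx -V 2>&1)" "$(nginx -T 2>/dev/null || true)"
fi
```

Fed the `nginx -V` lines quoted in the post, the script reports a build-time OpenSSL of 1.1.0g and a run-time OpenSSL of 1.1.1d and returns the "built against an OpenSSL older than 1.1.1" verdict. Once a binary built against OpenSSL 1.1.1 or newer is in place, the directive listing shows whether some other file (for example one pulled in by an `include`) still sets `ssl_protocols` without TLSv1.3; `openssl s_client -connect HOST:443 -tls1_3` from a machine with an OpenSSL 1.1.1+ client confirms the result from the outside.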