Using the guide at https://mthode.org/posts/2016/Jan/of-openstack-and-ssl/ in the Keystone and Uwsgi section recommends using uwsgi_param SCRIPT_NAME admin and uwsgi_param SCRIPT_NAME main. These are used for hosting multiple uwsgi apps on the same port, but keystone uses separate ports for admin and public, so this is not required. Setting the SCRIPT_NAME however modifies the URL which causes a failure with the keystone API. Removing the uwsgi_param SCRIPT_NAME lines fixes the problems.
those aren't official docs and were also not made for mitaka, but for liberty