Hmm, not sure then. Maybe it is because both VirtualHosts are in the same config file… Usually Certbot automatically creates a second config file for the SSL config and adds redirect directives to the first one…
Example:
If your config file is named nextcloud.conf, Certbot will create a second config called nextcloud-le-ssl.conf
This would mean, that you now have two SSL configs for the same Server and Alias Names, but only the one in your first config file contains the additional directives for Nextcloud.
Maybe it would be easier to disable all of the existing configs, and start over with a fresh config.
ls /etc/apache2/sites-available
then disable all the configs:
a2dissite filename.conf
Then create a new simple config file as follows:
nano /etc/apache2/sites-available/nextcloud.conf
<VirtualHost *:80>
ServerName cloud.domain.com
ServerAlias cloud.domain2.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Save the file and exit nano.
Enable the site:
a2ensite nextcloud.conf
Restart Apache and run certbot. Certbot will then create a file called nextcloud-le-ssl.conf, which already contains the directives from the first VirtualHost plus the SSL config. Leave those entries alone and only add the rest of your existing config under <VirtualHost *443> from the old config file to it: