I have been working on this the whole day.
Finally I found the solution to be to just throw the A record for nextcloud out of the unbound overrides and it works.
I used THIS guide to set up wildcard certificates on opnsense and HAProxy. If anyone else comes across this issue, check your DNS.
Case closed.