SSL handshake failed - Cloudflare / Squarespace / Subdomain

TL;DR - I believe I need to set up SSL with Nextcloud AIO. A little unsure how to do that? I don’t think I need a reverse proxy as I’ve seen in other posts, but maybe someone more knowledgeable than me can tell that I do.

Context

I’m one of the lucky few who had a Google domain that’s been transferred to Squarespace because of our corporate overlords playing enterprise chess.

Previous setup - Google domains + Cloudflare + Nextcloud AIO

I have a domain that I use to host a regular website (e.g. www.tld.com), and since I already own the website, I simply have an A type record for the nextcloud subdomain (e.g. nextcloud.tld.com). So all I had was the regular AIO setup, Cloudflare namespaces in Google domain, and then a DNS A type record in Cloudflare pointing to my nextcloud IP address.

After the Squarespace acquisition of Google domains

Yesterday my registrar officially ported over and everything’s on Squarespace now. First, both my regular website and my nextcloud site had the SSL handshake failed issue. I updated the A record for my regular site (root/tld address) and it’s working again. However, the nextcloud subdomain is no longer working.

I should note that I can access nextcloud.tld.com:8443 fine, but nextcloud.tld.com had the SSL certificate issue.

I believe I can resolve this by setting up SSL on my nextcloud (it’s never had SSL before because frankly with the original setup it just worked). Does anyone know how to do this with the Nextcloud AIO setup?

EDIT: I don’t think this is the issue. It now appears that my tld.com site has an SSL problem and my nextcloud.tld.com has a Let’s Encrypt certificate.