It might be the DNS of the container as many don’t think of it as a client, I didn’t anyway 
Docker just copies the resolv.conf of the host and with internal installs sometimes that just does not work
But some stuff to check and post, Nextcloud do, do support… But can run you through some stuff.
To check the DNS/Certs entry.
nslookup subdomain.example.com
openssl s_client -connect subdomain.example.com:443
Check from clients, server and container.
Docker, wasn’t very keen at first but actually become to like it.
docker ps -a #list all containers.
docker stop [container-id] #stop container
docker rm [container-id] #delete container
docker images #list all images
docker rmi [image-id] #delete image
docker exec -i -t [container-id] /bin/sh #run shell inside container
docker logs [container-id] #view log
docker info #environment setup
Docker info is a good place to start as it will also give distro and backend storage details as there is much variance in distro aufs support, post results here.
docker exec -i -t [container-id] /bin/sh allows you to enter a root shell in the container and you can install software such as dnsutils or nano to check things out and edit.
If you are behind a subnet DNS then docker run -t -d -p 127.0.0.1:9980:9980 -e 'domain=nextcloud\.vote4u\.org\.uk' --dns=192.168.1.2 --restart always --cap-add MKNOD collabora/code
with --dns=192.168.1.2 making sure the container is pointing correctly at the right DNS server.
If its aufs that is the problem like on Debian or Ubuntu if sudo apt-get install -y --no-install-recommends
linux-image-extra-$(uname -r)
linux-image-extra-virtual
Hasn’t been run device-mapper does.
Might be aufs and an easy way is to swap to device-mapper instead.
Docker info will show Storage Driver: aufs and it doesn’t work and we can change to devicemapper
grep ExecStart /lib/systemd/system/docker.service
will return something like the below which we need to place in a system.d conf file
ExecStart=/usr/bin/dockerd -H fd://
mkdir /etc/systemd/system/docker.service.d
nano /etc/systemd/system/docker.service.d/execWithDeviceMapper.conf
Create like so (paste):
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd --storage-driver=devicemapper -H fd://
Dunno why it has a first blank ExecStart= but I copied it verbatim and it works.
systemctl daemon-reload
systemctl restart docker.service
docker logs [container-id] post here as much is outside the scope of the nextcloud logs.
openssl s_client -connect subdomain.example.com:443 run from client & container will also check certs at the same time as DNS and save installing dnsutils.