OPNsense Forum

Archive => 21.7 Legacy Series => Topic started by: n1nja on October 31, 2021, 06:32:11 AM

Title: Can't access web server (Nextcloud) due to HSTS error
Post by: n1nja on October 31, 2021, 06:32:11 AM
I don't have this problem on other browsers; I'm using Firefox. For some reason Firefox is getting the certificate of my OPNsense firewall instead of Nextcloud. If I use another browser it works fine and shows the correct cert. My only thought on this is that my DNS server resides on OPNsense, so somehow that is causing this issue. There's no technical reason I can think of why it would happen otherwise. Nextcloud and my PC are on the same L2 network.

It's important to note that if I hit the server with its IP address, I get the correct certificate (but Nextcloud barks because the URL is not the FQDN, which is expected). I am mystified as to why I get an OPNsense cert instead of my Let's Encrypt cert. It happens with Sensei/Zenarmor on or off.
Title: Re: Can't access web server (Nextcloud) due to HSTS error
Post by: Fright on October 31, 2021, 07:25:41 AM
Can you try to clear the HSTS cache and try again?
https://msutexas.edu/library/clearhsts.php
Title: Re: Can't access web server (Nextcloud) due to HSTS error
Post by: n1nja on November 02, 2021, 03:52:03 AM
Nope, that didn't do it. I tried Epiphany, Chromium, and Google Chrome and they do not have this issue. Just Firefox. I am still puzzled why OPNsense cares at all. I guess because it is now serving my DNS, that is why, but even then I don't know why the other browsers don't complain.

Same L2 subnet: my PC does a DNS lookup to OPNsense, retrieves the inside IP of the server, which is on the same L2 subnet. That's it. From then on out all communication is direct between my server and my PC. This server also has an external NAT in, though, but I'm not sure how DNS is aware of that.
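A diagnostic script added here (not posted in the thread) for the situation described above: it resolves the FQDN through the LAN resolver on OPNsense and through a public resolver, then records which certificate is actually presented at each returned address when the FQDN is sent as SNI, so a mismatch can be pinned on the address resolved rather than on the browser. The host name, resolver addresses and certificate names are placeholders; `dig` and `openssl` are assumed to be installed.

```shell
#!/bin/sh
# Added example, not from the original thread. Compares resolver answers
# for a name and the leaf certificate served at each address.

# Resolve FQDN ($2) against resolver ($1); print A records one per line.
resolve_with() {
    dig +short +time=3 +tries=1 "@$1" "$2" A | grep -E '^[0-9.]+$'
}

# Fetch the leaf certificate served at $1:443 with SNI set to $2 and
# print its subject plus subjectAltName extension on a single line.
served_cert() {
    printf '' | openssl s_client -connect "$1:443" -servername "$2" 2>/dev/null \
      | openssl x509 -noout -subject -ext subjectAltName 2>/dev/null \
      | tr '\n' ' '
}

# Pure check: does certificate text ($2) name the expected FQDN ($1)
# as its CN or as a DNS SAN entry? Prints "match" or "mismatch".
# Delimiters after the name avoid prefix matches (e.g. host2 vs host).
cert_names_host() {
    case " $2 " in
        *"CN = $1,"*|*"CN = $1 "*|*"CN=$1,"*|*"CN=$1 "*|*"CN=$1/"*) echo match ;;
        *"DNS:$1,"*|*"DNS:$1 "*) echo match ;;
        *) echo mismatch ;;
    esac
}

# For each resolver, list every address it returns and whether the
# certificate served there actually names the FQDN.
diagnose() {
    fqdn=$1; lan_dns=$2; public_dns=${3:-1.1.1.1}   # 1.1.1.1 is a placeholder
    for r in "$lan_dns" "$public_dns"; do
        for ip in $(resolve_with "$r" "$fqdn"); do
            cert=$(served_cert "$ip" "$fqdn")
            printf '%-15s -> %-15s %s  [%s]\n' "$r" "$ip" \
                "$(cert_names_host "$fqdn" "$cert")" "$cert"
        done
    done
}

# Usage: ./hsts_diag.sh cloud.example.internal 192.168.1.1 [public-resolver]
if [ $# -ge 2 ]; then
    diagnose "$1" "$2" "$3"
fi
```

If the LAN resolver and the public resolver return different addresses and only one of them serves a certificate that names the FQDN, the browser that shows the firewall's certificate is the one that resolved the other address (for example through its own DNS-over-HTTPS setting), which is the first thing to confirm before looking at HSTS caches.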
Title: Re: Can't access web server (Nextcloud) due to HSTS error
Post by: benyamin on November 02, 2021, 10:46:12 AM
Are you running a web proxy on your network, OPNsense or other?

Maybe something running WPAD and / or a proxy auto-config script...?

Maybe also check your proxy settings in Firefox...