here is your mistake, no certs should be copied from docker.
You need to create the certificates as such:
sudo ./certbot-auto --apache --agree-tos --email youremailaddress -d office.ns7.lan
I assume that your main site certificate is created and that you can access the nextcloud server through its public ip address.
after the letsencrypt certificate for your office.ns7.lan you need to follow the steps in the link I pointed you to earlier.
your ssl virtual host should look like this
---------------office.ns7.lan-le-ssl.conf -----------please add > to the first and last 2 lines----------
# Container uses a unique non-signed certificate
# keep the host
# static html, js, images, etc. served from loolwsd
# loleaflet is the client part of LibreOffice Online
ProxyPass /loleaflet https://127.0.0.1:9980/loleaflet retry=0
ProxyPassReverse /loleaflet https://127.0.0.1:9980/loleaflet
# WOPI discovery URL
ProxyPass /hosting/discovery https://127.0.0.1:9980/hosting/discovery retry=0
ProxyPassReverse /hosting/discovery https://127.0.0.1:9980/hosting/discovery
# Main websocket
ProxyPassMatch "/lool/(.*)/ws$" wss://127.0.0.1:9980/lool/$1/ws
# Admin Console websocket
ProxyPass /lool/adminws wss://127.0.0.1:9980/lool/adminws
# Download as, Fullscreen presentation and Image upload operations
ProxyPass /lool https://127.0.0.1:9980/lool
ProxyPassReverse /lool https://127.0.0.1:9980/lool
-----------------------end of file -----please add > to the first and last 2 lines--------------
I tried to ping that domain , it does not exist are you sure you were able to register such a name ?