I’m thinking any kind of a redirect will compromise the renewal of the Letsencrypt certificate, since it uses the webroot for authentication. That’s a shame. I don’t know why /.well-known can’t be placed in a virtual path and Letsencrypt be configured to authenticate using that path? I’ve used Letsencrypt on other servers in the past without having to worry about the authentication process involving the webroot.
I’m not running a website (as of yet) on this nethserver, so I was thinking it would be great to just direct traffic to /nextcloud without having to include ‘nexcloud’ in the url. Currently nextcloud is routed through /usr/share/nextcloud. It’s even got its own .htaccess file in that directory.