Port 389 wants STARTTLS encryption. Port 636 is TLS. Both return the system certificate. If it is self signed your PHP client rejects it. You can either configure 
a valid system certificate (eg letsencrypt), or configure your client to ignore certificate errors 
Both Roundcubemail and Nextcloud modules are PHP applications and work with NS. You surely can make it work 