Nextcloud mail certificate dns resolution


I have configured a UCS Server with Nextcloud Hub, Mailserver and Let´s Encrypt and i want to configure mail in nextcloud.
I´m facing the folowing Problem:
I can´t configure Mail in nextcloud, because it can´t check the certificate and gets a tls-error.
The router does not support NAT-Loopback, so the client behind can´t resolve the DNS of nextcloud, so i added an entry to the hosts-file, so it can resolve DNS and check the certificate as valid.
But I have no idea how to configure the nextcloud-docker-container to resolve the dns or disable the certificate check.
Does someone have an idea or “best practice” to solve this problem?

with kind regards

I’ve been using Nextcloud on UCS for several versions at least and configured RainLoop mail client on Nextcloud and it’s working fine. I am using the UCS system as the DNS server and I haven’t had any issues.

thanks for the quick answer.
I see what you mean, in this case i have the problem, that i don´t know how to add the entry “” for the mailserver-IP to the dns, for names like “” it´s working well.

Hmm… I’ve never thought to try using the top level domain for our server. It’s always been something like I do an IP entered for my top level domain in the DNS settings of the UCS system, so I don’t think you should have any issues making it resolve if you are using UCS for DNS, but I’m not sure what other issues there might be.

To do that you just edit the domain under dns and there is a section ip addresses where you can add the IP.

I did not configure any mail related DNS settings on my UCS server. So - DNS-requests must be resolved by my router, which answers with the public UCS-server address.
Then my Nextcloud mail does connect without certificate error

Your router is probably doing NAT-loopback which the OP said his router does not do.

I am not sure, whether my FritzBox 7490 can handle NAT-loopback

My /etc/resolv.conf:

nameserver 192.168.xx.yy (IP of my UCS server)
nameserver 192.168.xx.1 (IP of my router)
options timeout:2

Maybe it might help