Okay, the solution in our case was to renew the certificates at /etc/univention/ssl (which we were thrown off by, since the TLS certificate for the web server itself is configured somewhere else.)
We ran this bash script:
eval "$(ucr shell domainname ssl/default/days)"
cd /etc/univention/ssl
for i in *".${domainname}"
do
univention-certificate renew -name "$i" -days "${ssl_default_days}"
done
And then we pushed those TLS changes out to each Docker container using:
univention-app update-certificates
Source: Renewing the SSL certificates
Then, we just had to restart our Univention machine.
Hopefully that helps with your issue!