I finally have everything set up.
This was actually not the problem. After accepting this, I gave in to using jails instead of the official nginx app. I used this excellent video to create a docker jail in which I am running nginx proxy manager on a dockge instance, just as shown in the mentioned video. With this I created my wildcard certificate and was able to set proxy hosts after creating a bridge interface. This is so I can reference the ip of the host machine, running the jail.
Now I only encountered one last problem: Nextcloud. When accessing it via the proxy host, it resolved the host to the local ip address of the truenas instance. To solve this, I used this solution. Note, that the OVERWRITEHOST variable can only be set if no Hostname is specified. See here for the forum post. After ensuring the self-signed certificate was used by nextcloud, https worked as expected. This also means I dont need a second certificate for the webUI besides the self-signed one. I only need the nginx certificate to use for all the proxy hosts, including the webUI.
One last thing:
You’re right. I redirect my domain to the local ip address of my truenas server. So all of this setup only works when connected to my local network (or via a VPN). I simply wanted to figure this out for the sake of it and to have these pesty “This connection is insecure” messages dissapear haha
I hope this will help some people trying to figure this out faster than I did 