Nextcloud accepts browser requests only for hostnames listed in its trusted domain configuration. Adding a domain is common after moving DNS, changing the public site name, or replacing an installation-time hostname, and it prevents the new URL from landing on the untrusted-domain warning.
The trusted domain list lives in config/config.php as the trusted_domains array, and occ config:system:set can write one array index without opening the PHP file manually. Keep existing names that administrators still use, then add the new hostname at the next unused numeric index.
The domain entry is only one part of public URL handling. When a reverse proxy changes the visible scheme, port, or host before traffic reaches Nextcloud, pair this change with the reverse-proxy settings so generated links and security checks match the URL users open.
$ cd /var/www/nextcloud
Use the directory that contains the occ file. Common web-server installs use /var/www/nextcloud, while container images often use /var/www/html.
Related: How to run Nextcloud occ commands
$ sudo -E -u www-data php occ config:system:get trusted_domains localhost
trusted_domains is an array. The first value is index 0, so the next value in this example belongs at index 1.
$ sudo -E -u www-data php occ config:system:set trusted_domains 1 --value=cloud.example.com System config value trusted_domains => 1 set to string cloud.example.com
Do not remove the existing trusted hostnames unless they are no longer valid. Nextcloud uses this list to reject unexpected Host headers.
$ sudo -E -u www-data php occ config:system:get trusted_domains localhost cloud.example.com
$ curl --silent --show-error https://cloud.example.com/status.php
{"installed":true,"maintenance":false,"needsDbUpgrade":false,"versionstring":"35.0.0","productname":"Nextcloud"}
A JSON response through https://cloud.example.com confirms the hostname reaches the application without the untrusted-domain warning. If the site is behind a proxy and generated links still use the old host or scheme, update the reverse-proxy values separately.
Related: How to configure Nextcloud behind a reverse proxy
https://cloud.example.com/
The login page should load without the untrusted-domain warning. Review Administration settings → Overview after a public cutover so remaining proxy, HTTPS, or generated-URL warnings are handled separately.
Related: How to check Nextcloud administration overview warnings