I run a Nextcloud server at home on Debian 10 which is accessible from the internet via DynDNS. A redirect to HTTPS and the associated certificates for the domain are set up via Let's Encrypt.
From the Internet everything works.
From the LAN / WLAN everything works too.
I don't see how this relates to the cert or even HSTS though. HSTS just says the client (browser) should use https for future requests even if http requested.
Maybe something to do with your server sending http error 500?
It's the "Private DNS" system provided by Android. So it basically uses a "different" DNS than that provided by your WiFi / network provider and it encrypts it using "DNS over TLS".
The "curious" thing is that "Private DNS" works if I'm using it outside my LAN/WiFi network (e.g. mobile data). It's just not working "inside" my LAN/WiFi.
Yes, it does return the same IP address. But you're pointing me in another direction. I'll have to check the configuration of my Pi-hole ... maybe I was misled by the "HSTS" message.
This feels somewhat like a hairpin NAT problem? When you use private DNS it will reply with your public address, which may not be redirected to your server if it's used from inside.
From a German forum: does the Fritzbox 6590 have NAT loopback or hairpinning support?
You will need to disable DNS rebind protection for that domain:
Heimnetz -> Netzwerkübersicht -> Netzwerkeinstellungen -> DNS-Rebind-Schutz
Or, what Google Translate said for the above:
Home network -> Network overview -> Network settings -> DNS rebind protection