Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I’ve updated the title of your thread since as @bytecamp points out (Thank you!) it isn’t related to DNS.
It looks like you might be using a SOHO router to configure a DMZ/port forward. Does that mean your server is on a residential ISP? If so you might want to inquire with your ISP about whether they block inbound 443 to customers. Several home internet providers do this and it may explain why traffic on 443 doesn’t make it to your sever even though you’ve configured an exception at the router level.
Starting Nmap 7.40 ( https://nmap.org ) at 2017-09-15 15:53 CEST
Nmap scan report for sprayer4cloud.tk (127.0.0.1)
Host is up (0.000064s latency).
Other addresses for sprayer4cloud.tk (not scanned): 126.96.36.199
PORT STATE SERVICE
443/tcp open https
But when i did the same command from outside of my network the 443 port is closed…
I notice I am able to connect to an Apache server on port 80 using HTTP. It returns the default new Apache index page presently.
You may be able to use the HTTP-01 “Webroot” challenge mode of Apache with the current configuration but that will just delay your problem since you’ll still need 443 open to use HTTPS with your new certificate!
If you’re 100% certain your DMZ/port forwarding rules are correct I would begin to suspect your ISP. If you aren’t certain if the DMZ/port forwarding is correct that would be the best place to try and investigate further!
Sorry to hear that your ISP is to blame. Frustrating!
In general I’m wary about giving security advice off the cuff without understanding the threat model & fine details. I’m obviously biased () but I think HTTPS/TLS are the bare minimum required for a web service to be secure in 2017.
ARP poisoning is generally a LAN-specific problem so unless your adversary is on your wifi I wouldn’t worry about it
Could you rent a cheap Virtual Private Server and run your cloud there? Typically a VPS is a better place to run a server than in your own home if you can afford it.