YES, this works.
At Web-server (sub.domain.com): Redirect to my Dmz-server
RewriteRule ^/.well-known/acme-challenge/(.*) http://dmz.domain.com/.well-known/acme-challenge/$1 [R]
At Dmz-server, running
certbot certonly --preferred-challenges=http -d sub.domain.com
--> IMPORTANT NOTES: - Congratulations! .....