yes, if I set it in my bindery locally:
$ORIGIN servmin.duckdns.org.
$TTL 1M
@ IN SOA servmin.duckdns.org. admin.servmin.homelinux.org. (
2011140701 ; serial
8H ; refresh
4H ; retry
4W ; expire
3H ; minimum
)
servmin.duckdns.org. IN NS nuc.medianet.
IN A 10.1.1.xxx
ping yes -> port 80 no -> same with me.
jori
If there's no global connection available for port 80 then Let's Encrypt can't connect to authenticate via http-01.
Personally, I highly recommend that you use dns-01 authentication via the certbot duckdns plugin for which I gave you a link before. It will avoid any IP address complications completely.
Hi Griffin,
I know, if there's no 80(443) connection to the outside there is no way.
Finally I was successful in solving the problem. My idea in the beginning that there's something wrong to the ip-forwarding in my router was the right trace.
This describes my problem exactly:
(networking - How to make Apache output packets through a certain network interface when connected to VPN? - Server Fault)
I tried to maneuver around the problem by opening a second ip on the server to handle the apache traffic and sending 80 and 443 traffic by ip forwarding of the router to that secondary ip. But unfortunately I found out yesterday that fritz (my AVM-Router) doesn't handle targets with different ips on the same device.
So finally I choosed an other online station to receive the traffic and reroute it to the server's secondary ip and -god thanks- that workaround is doing the job.
So my dear, thank You very much for Your help and patience and as we say in German: it was helpful, that we talked about it 
regards
jori
You are quite welcome, my friend! 
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.