OK, now I made a new firewall port forwarding rule (added port 80 to forward to the local server) and now it should be accessible. (Odd that it worked before this rule, but anyway it works now.)
Edit: since adding the port forwarding rule (port 80), I was able to successfully run `sudo certbot --apache` in order to get a new certificate. I assume what happened was this:
- Starting point: existing Nextcloud server with a Let's Encrypt certificate, with the current firewall (firewall1) having port forwarding on both port 80 and port 443.
- firewall2 comes in because firewall1 has a hardware failure.
- I only made a port forwarding rule for port 443 on firewall2.
- The Let's Encrypt certificate expires.
- Unable to renew, because connections through port 80 didn't work.
Solution: make a firewall rule to forward port 80, in order to renew Let's Encrypt.
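
A check that would flag the situation in this post (443 forwarded, 80 not, certificate running out) before the certificate expires. It is an added example, not part of the original post. It assumes it is run from a machine outside the firewall, that the hostname `cloud.example.com` is a placeholder, and that renewal is expected once fewer than 30 days remain.

```python
import socket, ssl, sys
from datetime import datetime, timezone

def tcp_open(host, port, timeout=5.0):
    """True if a TCP connection to host:port succeeds (port is forwarded and served)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def days_left(not_after, now=None):
    """Whole days until notAfter, given in the form ssl.getpeercert() returns."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expires - (now or datetime.now(timezone.utc))).days

def fetch_days_left(host, timeout=5.0):
    """Days left on the certificate served on 443, or None if it is expired/invalid."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, 443), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return days_left(tls.getpeercert()["notAfter"])
    except (ssl.SSLError, OSError):
        return None  # verification fails once the certificate has expired

def assess(port80_open, port443_open, remaining, warn_days=30):
    """Classify the renewal risk; warn_days=30 is an assumed renewal window."""
    running_out = remaining is None or remaining < warn_days
    if not port80_open and not port443_open:
        return "unreachable"
    if not port80_open:
        # The case from the post: HTTPS works, but validation over port 80 cannot.
        return "renewal-blocked-urgent" if running_out else "renewal-blocked"
    return "renewal-overdue" if running_out else "ok"

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "cloud.example.com"  # placeholder
    p80, p443 = tcp_open(host, 80), tcp_open(host, 443)
    remaining = fetch_days_left(host) if p443 else None
    state = assess(p80, p443, remaining)
    print(f"{host}: 80={p80} 443={p443} days_left={remaining} -> {state}")
    sys.exit(0 if state == "ok" else 1)
```

After any firewall change, `sudo certbot renew --dry-run` on the server itself exercises the same validation path without issuing a real certificate.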