I can only say for certain that the system making the cert request needs to validate the response.
So if the Nextcloud machine is another IP - the cert request/response will most likely fail.
Maybe you can pencil in a quick napkin drawing of how it is all connected.
Congratulations, all renewals succeeded. The following certs have been renewed:
This worked: see the second picture, thanks to Jürgen and rg305. -> set port forwarding for http and https to the same machine. The Apache servers take care of the traffic, no need to change any of the config files. Then ran: