Bear with me if this is going to sound like I need to get frustration off my chest but… well.
Only after the certificate for the (static) subdomain I use had expired did I learn that my Nextbox was not as reachable as I thought it was… (which is a pain in the back due to HSTS; “luckily”, I have a Windows VM with its included safety-agnostic IE).
The problem of certbot not being able to renew the certificate vanished after I had removed DynDNS and “port forwarding” for IPv6, i.e., the Nextbox is only connected via IPv4 again.
In between, I seriously considered dumping the Nitrokey parts of Nextbox and using the hardware with manually installed Nginx/Nextcloud like in the years before on RPis and Odroid.
Besides, this would also give the opportunity to always have the latest updates thanks to no Docker dependency etc…
Running Nextcloud 126.96.36.199
NOT on latest patch level
I’m actually used to having an A+ at all times.
However: I am pretty sure I followed each aspect of the documentation re. IPv6, and more. Still, it was not possible to persuade the FritzBox to use the same IPv6 prefix for the Nextbox and “the Internet”. At least I think I could nail the certbot problem down to this, which would fit well with other people’s descriptions.
Also still, the second test says:
“Successfully tested reachability for: nn.nn.nn.nn, cloud.example.com but no Nextcloud instance answered!”
So, what does this reachability test do? Is it safe to ignore? Will I have to mark January 24, 2022, in my calendar because then the current certificate is bound to expire again??
All in all, I bought the box because I had hoped to reduce maintenance efforts (and because I needed new hardware for my cloud anyway). Sadly, this has not turned out to be true yet.