If you are in the internet and look in the browser network analysis (F12) you can see that “nextcloud.lan45.keenetic.pro” (Internet) goes to “192.168.14.2” (internal). That is not possible. You must a real port-forwarding (80 and 443).
If you use dyndns you can CNAME nextcloud.lan45.keenetic.pro to the dyndns-ip/name, on the router forward tcp/443 to 192.168.14.2:443 ant then you can create on the server a Lets Encrypt certificate.