Wrong WAN IP / Let's Encrypt Script fails?

Hello!
I used the pre-configured VM by tech an me. Newest download.
We have got a Sophos UTM Firewall with an external interface and one internal interface. Our ISP provide us an IP-Subnet (for example 1.1.1.0 /29). The default IP address of the external interface is 1.1.1.2. We just added 1.1.1.3 to the external (additional addresses) and configure NATing from the external 1.1.1.3 to the internal (static) IP of our Nextcloud Server. The internal interface just can masqueraded with the main IP (1.1.1.2).
When I now start the nextcloud vm, after bootup it shows me something like that:
WAN IPv4: 1.1.1.2
WAN IPv6:
LAN IPv4: [my internal ip]

So, nextcloud think it’s WAN IPv4 ist 1.1.1.2 but it’s 1.1.1.3!
I can reach the nextcloud Server when I am typing https://1.1.1.3 in my browser…

The problem is now that I want to generate a ssl certificate from let’s encrypt. But that script fails because by subdomain “cloud.mydomain.com” is not reachable. But it actually is reachable. I think that is caused by the wrong WAN IP…

Can you help me?
I hope you understood me and sorry for my bad english :frowning:

Really no Ideas?