Problems with Let's Encypt Certificate Generation

Hello,

I'm new to docker and Traefik and I try to get some example setup just for learning and testing. Now I face issues with Let's Encrypt.
Docker runs on a Raspberry PI4. It's a home setup, so the Internet traffic runs through a NAT device.
Here is my docker-compose.yml file:

version: "3.5"

services:

  traefik:
    image: "traefik:v2.5"
    container_name: "traefik"
    command:
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myresolver.acme.email=example@example.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "443:443"
      - "8080:8080"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"

  whoami:
    image: "traefik/whoami"
    container_name: "simple-service"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`example.domain.com`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=myresolver"

Unfortuantely the ACME request doesn`t work and I get the following error messages:

time="2021-11-14T16:56:48Z" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=websecure
time="2021-11-14T16:56:48Z" level=debug msg="Adding route for example.domain.com with TLS options default" entryPointName=websecure
time="2021-11-14T16:56:48Z" level=debug msg="Try to challenge certificate for domain [example.domain.com] found in HostSNI rule" rule="Host(`example.domain.com`)" providerName=myresolver.acme routerName=whoami@docker
time="2021-11-14T16:56:48Z" level=debug msg="Looking for provided certificate(s) to validate [\"example.domain.com\"]..." rule="Host(`example.domain.com`)" providerName=myresolver.acme routerName=whoami@docker
time="2021-11-14T16:56:48Z" level=debug msg="No ACME certificate generation required for domains [\"example.domain.com\"]." rule="Host(`example.domain.com`)" providerName=myresolver.acme routerName=whoami@docker
time="2021-11-14T16:57:02Z" level=debug msg="TLS Challenge CleanUp temp certificate for example.domain.com" providerName=tlsalpn.acme
time="2021-11-14T16:57:02Z" level=debug msg="Configuration received from provider tlsalpn.acme: {\"http\":{},\"tls\":{}}" providerName=tlsalpn.acme
time="2021-11-14T16:57:02Z" level=debug msg="No default certificate, generating one" tlsStoreName=default
time="2021-11-14T16:57:02Z" level=debug msg="legolog: [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/936365758"
time="2021-11-14T16:57:02Z" level=error msg="Unable to obtain ACME certificate for domains \"example.domain.com\": unable to generate a certificate for the domains [example.domain.com]: error: one or more domains had a problem:\n[example.domain.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Timeout during connect (likely firewall problem)\n" providerName=myresolver.acme routerName=whoami@docker rule="Host(`example.domain.com`)"

The NAT configuration seems to be corrent, because I can access the service from the Internet. DNS configuration also works. I am able to successfully retrieve a Let's Encrypt certificate on another Linux machine.

Any ideas?

Thanks,
Siggi