I think you did not read/understood this line from felix
if you have an official SSL cert for your external domain e.g. remote.fantasy.de
add an DNS forward zone to your UCS DNS server named remote.fantasy.de with the internal IP of your UCS server hosting the webapplication or proxy
that is what’s called SPLIT DNS configuration
look at: https://www.psw-group.de/newsletter/splitDNS.pdf
rg
Christian