After a while of working without trouble the DNS-Lookup of my provider two-dns.de got a bit unstable, so I changed to dynv6.com. Following the steps of NiceMicro I set up the server such that it will not do the https on its own, but sit behind a separate nginx that will terminate the TLS such that also other services can use the encryption. There are some caveats you might also fall into especially when using ddclient to update dynv6.com.
/etc/ddclient.config as dynv6.net recommends it on their homepage
protocol=dyndns2 server=dynv6.com login=none password='<yourpassword>' <yourhost>.dynv6.net
I had to change it to this
protocol=dyndns2 server=dynv6.com #usev6=if, if=eth0 #if-skip=Scope:Link ssl=yes use=web login=none password=<yourpassword> <yourhost>.dynv6.net
You see that I have commented out the ipv6 part. In case you want to update the ipv6 address on their side you need to comment that lines in, but that will skip the ipv4 update.
Today I will join the Open Computing Team Bonn for dinner and have a sincere talk about ipv6…