Does the router have its own webserver that can process the letsencrypt query via port 80?
Router runs its own web server, mostly it's used for WebFig. It's also used to process letsencrypt handshake.
So I could dnsnat the port only for the cert-check and renewal to the router webserver. (probably with scripting)
I have already tried to dstnat port 80 to the router IP. 192.168.1.1 with no success and the same letsencrypt Error.
You don't dst-nat port to router's own address, you disable dst-nat for a while and allow connections towards port 80 in firewall for chain=input (preferrably only for a few IP addresses from which letsencrypt performs that handshake).
Another possibility is to configure your internal web server to reverse-proxy that URL to your router. If you allow WebFig access from where web server resides, then no change is needed on router. Surely you have to reconfigure internal web server only during router's certificate renewal.
Yet another possibility is to use internal web server to perform certificate renewal and then script installation of new certificate to router ... no configuration change whatsoever is needed in this case.