Why do you have a DHCP relay and why do you have DNS server (remote requests + cache) enabled on the AP?
On the AP, try adding a DHCP Client with interface set to the bridge and add ether1 as a bridge port too since there is no routing. Remember to change the list member of ether1 from WAN to LAN too.
So far I have done what you mentioned, squeeze. And after this everything was fine. But now the hAP has no access to the internet again and I did nothing. The WLAN ports didn't have access to the hEX and the LAN ports also. I tried to find out what is wrong but I need your help again.
This is my config of the hAP:
# jun/30/2018 17:35:48 by RouterOS 6.42.3
# software id = N8B5-9W0L
#
# model = RouterBOARD 962UiGS-5HacT2HnT
# serial number = 830608EA823A
/interface bridge
add admin-mac=CC:2D:E0:1D:5D:B5 auto-mac=no comment=defconf name=bridge
/interface wireless
set [ find default-name=wlan2 ] band=5ghz-a/n/ac channel-width=\
20/40/80mhz-Ceee distance=indoors frequency=auto mode=ap-bridge ssid=\
MikroTik-1D5DBA vlan-id=40 vlan-mode=use-tag wireless-protocol=802.11
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
add authentication-types=wpa2-psk management-protection=allowed mode=\
dynamic-keys name=Woodroot supplicant-identity=MikroTik \
wpa2-pre-shared-key=***********
/interface wireless
# managed by CAPsMAN
set [ find default-name=wlan1 ] band=2ghz-g/n channel-width=20/40mhz-Ce \
country=germany distance=indoors frequency=2422 mode=ap-bridge \
security-profile=Woodroot ssid=Woodroot2 vlan-id=40 vlan-mode=use-tag \
wireless-protocol=802.11
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
/interface bridge port
add bridge=bridge comment=defconf interface=ether2 pvid=40
add bridge=bridge comment=defconf interface=ether3 pvid=40
add bridge=bridge comment=defconf interface=ether4 pvid=40
add bridge=bridge comment=defconf disabled=yes interface=ether5 pvid=5
add bridge=bridge comment=defconf interface=sfp1
add bridge=bridge comment=defconf interface=wlan1 pvid=40
add bridge=bridge comment=defconf interface=wlan2 pvid=40
add bridge=bridge interface=ether1 pvid=40
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=LAN
add interface=ether5 list=LAN
/interface wireless cap
#
set bridge=bridge discovery-interfaces=bridge enabled=yes interfaces=wlan1
/ip address
add address=192.168.40.20/24 comment="Bridge Address MGMT-VLAN" interface=\
bridge network=192.168.40.0
add address=192.168.15.20/24 interface=ether5 network=192.168.15.0
/ip dhcp-client
add disabled=no interface=bridge
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked disabled=yes
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid disabled=yes
add action=accept chain=input comment="defconf: accept ICMP" disabled=yes \
protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
disabled=yes ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
disabled=yes ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related disabled=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked disabled=yes
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid disabled=yes
add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new disabled=yes in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
/ip route
add distance=1 gateway=192.168.40.1
/system clock
set time-zone-name=Europe/Berlin
/system routerboard settings
set silent-boot=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN
If there is something wrong on the hEX I provide you its config:
# jun/30/2018 21:05:36 by RouterOS 6.42.5
# software id = G7JR-VZNY
#
# model = 960PGS
# serial number = 89F908AE5EB1
/caps-man channel
add frequency=2412 name=1
add frequency=2417 name=2
add frequency=2422 name=3
add frequency=2427 name=4
add frequency=2432 name=5
add frequency=2437 name=6
add frequency=2442 name=7
add frequency=2447 name=8
add frequency=2452 name=9
add frequency=2457 name=10
add frequency=2462 name=11
add frequency=2467 name=12
add frequency=2472 name=13
add frequency=5180 name=36
add frequency=5200 name=40
add frequency=5220 name=44
add frequency=5240 name=48
add frequency=5260 name=52
add frequency=5280 name=56
add frequency=5300 name=60
add frequency=5320 name=64
add frequency=5500 name=100
add frequency=5520 name=104
add frequency=5540 name=108
add frequency=5560 name=112
add frequency=5580 name=116
add frequency=5600 name=120
add frequency=5620 name=124
add frequency=5600 name=128
add frequency=5660 name=132
add frequency=5680 name=136
add frequency=5700 name=140
/interface bridge
add admin-mac=CC:2D:E0:68:3D:3E auto-mac=no comment=defconf name=MainBridge \
pvid=5 vlan-filtering=yes
add fast-forward=no name=SubBridge
/interface ethernet
set [ find default-name=sfp1 ] disabled=yes
/interface vlan
add interface=MainBridge name=VLAN5 vlan-id=5
add interface=MainBridge name=VLAN40 vlan-id=40
add interface=MainBridge name=VLAN110 vlan-id=110
add interface=MainBridge name=VLAN120 vlan-id=120
add interface=MainBridge name=VLAN130 vlan-id=130
add interface=MainBridge name=VLAN140 vlan-id=140
add interface=MainBridge name=VLAN150 vlan-id=150
add interface=MainBridge name=VLAN160 vlan-id=160
add interface=MainBridge name=VLAN170 vlan-id=170
/caps-man datapath
add bridge=MainBridge local-forwarding=yes name=datapathSubBridgeWlan
/caps-man configuration
add channel=3 channel.band=2ghz-g/n channel.extension-channel=Ce \
channel.frequency=2422 country=germany datapath=datapathSubBridgeWlan \
datapath.local-forwarding=yes distance=dynamic name=ConfigWoodroot2GHz \
security.authentication-types=wpa2-psk security.encryption=aes-ccm \
security.passphrase=************ ssid=Woodroot
add channel=56 channel.band=5ghz-n/ac channel.frequency=5280 country=germany \
datapath=datapathSubBridgeWlan datapath.local-forwarding=yes distance=\
dynamic name=ConfigWoodroot5GHz security.authentication-types=wpa2-psk \
security.encryption=aes-ccm security.passphrase=************ ssid=Woodroot5
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot profile
set [ find default=yes ] html-directory=flash/hotspot
/ip pool
add name=default-dhcp ranges=192.168.88.10-192.168.88.254
add name=dhcp_pool1 ranges=192.168.110.150-192.168.110.200
add name=dhcp_pool2 ranges=192.168.120.150-192.168.120.200
add name=dhcp_pool3 ranges=192.168.130.150-192.168.130.200
add name=dhcp_pool4 ranges=192.168.140.150-192.168.140.200
add name=dhcp_pool5 ranges=192.168.150.150-192.168.150.200
add name=dhcp_pool6 ranges=192.168.160.150-192.168.160.200
add name=dhcp_pool7 ranges=192.168.170.150-192.168.170.200
add name=dhcp_pool8 ranges=192.168.40.150-192.168.40.200
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=VLAN110 name=dhcp1
add address-pool=dhcp_pool2 disabled=no interface=VLAN120 name=dhcp2
add address-pool=dhcp_pool3 disabled=no interface=VLAN130 name=dhcp3
add address-pool=dhcp_pool4 disabled=no interface=VLAN140 name=dhcp4
add address-pool=dhcp_pool5 disabled=no interface=VLAN150 name=dhcp5
add address-pool=dhcp_pool6 disabled=no interface=VLAN160 name=dhcp6
add address-pool=dhcp_pool7 disabled=no interface=VLAN170 name=dhcp7
add address-pool=dhcp_pool8 disabled=no interface=SubBridge name=dhcp8 relay=\
255.255.255.255
/caps-man manager
set enabled=yes
/caps-man manager interface
add
add interface=VLAN40
add forbid=yes interface=MainBridge
add disabled=no interface=SubBridge
/caps-man provisioning
add action=create-dynamic-enabled hw-supported-modes=gn master-configuration=\
ConfigWoodroot2GHz
add action=create-dynamic-enabled hw-supported-modes=an master-configuration=\
ConfigWoodroot5GHz
/interface bridge port
add bridge=MainBridge comment=defconf interface=ether2 pvid=5
add bridge=MainBridge comment=defconf interface=ether3 pvid=40
add bridge=MainBridge comment=defconf interface=ether5 pvid=40
add bridge=MainBridge comment=defconf hw=no interface=sfp1 pvid=5
add bridge=MainBridge interface=VLAN110 pvid=110
add bridge=MainBridge interface=VLAN120 pvid=120
add bridge=MainBridge interface=VLAN130 pvid=130
add bridge=MainBridge interface=VLAN140 pvid=140
add bridge=MainBridge interface=VLAN150 pvid=150
add bridge=MainBridge interface=VLAN160 pvid=160
add bridge=MainBridge interface=VLAN170 pvid=170
add bridge=SubBridge interface=VLAN40 pvid=40
add bridge=MainBridge interface=VLAN5 pvid=5
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface bridge vlan
add bridge=MainBridge tagged=MainBridge,ether2,ether3,ether5 vlan-ids=40
add bridge=MainBridge tagged=ether2,MainBridge vlan-ids=110
add bridge=MainBridge tagged=ether2,MainBridge vlan-ids=120
add bridge=MainBridge tagged=ether2,MainBridge vlan-ids=130
add bridge=MainBridge tagged=ether2,MainBridge untagged=VLAN140 vlan-ids=140
add bridge=MainBridge tagged=ether2,MainBridge vlan-ids=150
add bridge=MainBridge tagged=ether2,MainBridge vlan-ids=160
add bridge=MainBridge tagged=ether2,MainBridge vlan-ids=170
/interface list member
add comment=defconf interface=MainBridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=ether4 list=LAN
add interface=VLAN110 list=LAN
add interface=VLAN120 list=LAN
add interface=VLAN130 list=LAN
add interface=VLAN140 list=LAN
add interface=VLAN150 list=LAN
add interface=VLAN160 list=LAN
add interface=VLAN170 list=LAN
add interface=VLAN5 list=LAN
add interface=ether2 list=LAN
add interface=ether3 list=LAN
add interface=ether5 list=LAN
add disabled=yes list=LAN
add disabled=yes list=LAN
add disabled=yes interface=SubBridge list=LAN
add interface=VLAN40 list=LAN
/ip address
add address=192.168.2.11/24 interface=MainBridge network=192.168.2.0
add address=192.168.15.15/24 interface=ether4 network=192.168.15.0
add address=192.168.2.10/24 interface=ether1 network=192.168.2.0
add address=192.168.40.1/24 interface=VLAN40 network=192.168.40.0
add address=192.168.110.1/24 interface=VLAN110 network=192.168.110.0
add address=192.168.120.1/24 interface=VLAN120 network=192.168.120.0
add address=192.168.130.1/24 interface=VLAN130 network=192.168.130.0
add address=192.168.140.1/24 interface=VLAN140 network=192.168.140.0
add address=192.168.150.1/24 interface=VLAN150 network=192.168.150.0
add address=192.168.160.1/24 interface=VLAN160 network=192.168.160.0
add address=192.168.170.1/24 interface=VLAN170 network=192.168.170.0
add address=192.168.5.1/24 interface=VLAN5 network=192.168.5.0
add address=192.168.40.5/24 interface=SubBridge network=192.168.40.0
/ip dhcp-server lease
add address=192.168.40.150 always-broadcast=yes client-id=1:cc:2d:e0:1d:5d:b5 \
mac-address=CC:2D:E0:1D:5D:B5 server=dhcp8
add address=192.168.40.152 always-broadcast=yes client-id=1:0:a0:de:fc:a7:12 \
mac-address=00:A0:DE:FC:A7:12 server=dhcp8
add address=192.168.40.151 client-id=1:2c:f0:a2:40:bb:99 mac-address=\
2C:F0:A2:40:BB:99 server=dhcp8
add address=192.168.40.153 client-id=1:e4:8b:7f:ca:3f:ed mac-address=\
E4:8B:7F:CA:3F:ED server=dhcp8
/ip dhcp-server network
add address=192.168.40.0/24 dns-server=192.168.40.1,192.168.2.1 gateway=\
192.168.40.1
add address=192.168.110.0/24 dns-server=192.168.110.1,192.168.2.1 gateway=\
192.168.110.1
add address=192.168.120.0/24 dns-server=192.168.120.1,192.168.2.1 gateway=\
192.168.120.1
add address=192.168.130.0/24 dns-server=192.168.130.1,192.168.2.1 gateway=\
192.168.130.1
add address=192.168.140.0/24 dns-server=192.168.140.1,192.168.2.1 gateway=\
192.168.140.1
add address=192.168.150.0/24 dns-server=192.168.150.1,192.168.2.1 gateway=\
192.168.150.1
add address=192.168.160.0/24 dns-server=192.168.160.1,192.168.2.1 gateway=\
192.168.160.1
add address=192.168.170.0/24 dns-server=192.168.170.1,192.168.2.1 gateway=\
192.168.170.1
/ip dns
set allow-remote-requests=yes servers=192.168.2.1
/ip firewall filter
add action=accept chain=input comment=\
"defconf: accept established,related,untracked" connection-state=\
established,related,untracked disabled=yes
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
invalid disabled=yes
add action=accept chain=input comment="defconf: accept ICMP" disabled=yes \
protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
disabled=yes in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
disabled=yes ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
disabled=yes ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
connection-state=established,related disabled=yes
add action=accept chain=forward comment=\
"defconf: accept established,related, untracked" connection-state=\
established,related,untracked disabled=yes
add action=drop chain=forward comment="defconf: drop invalid" \
connection-state=invalid disabled=yes
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
ipsec-policy=out,none out-interface-list=WAN
/ip route
add distance=1 gateway=192.168.2.1
/system clock
set time-zone-name=Europe/Berlin
/system identity
set name=MikroTik-Keller2
/system routerboard settings
set silent-boot=no
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN