I have the same config and went through the same phase as you.
I disabled the DuckDNS certification handling and went to NPM to do so. The certificates generated by NPM are not located in the ssl root as those generated by DuckDNS.
They are located in this directory /nginxproxymanager/live/npm-5/privkey.pem in ssl directory.
Do you see them ?
You also have to change some lines in the configuration.yaml in the http section
Mine looks like this :
http:
use_x_forwarded_for: true
trusted_proxies:
- 172.30.33.0/24