Duck DNS log says okay and reports the same IP that I also see in DuckDNS in my account for the two domains.
Issuance of certificates works, I have multiple that also automatically extend, but they are all for different second-level domains. Neither with duckdns nor with my own domains have I ever been able to create more than one certificate for different sub-domains under the same second-level domain.
I also have two outdated certificates in NPM that I do not use anymore and that therefore expired, yes.
I have rebooted the complete HassOS host, does not change anything.
If I add an NPM entry for subdomain.domain1.duckdns.org with HTTP, it works.
If I choose the domain1.duckdns.org certificate for it and try HTTPS, it gives a certificate error.
If I try to issue a certificate for subdomain.domain1.duckns.org in NPM, it leads to the internal error from above.
EDIT:
I think I got it working!
I manually selected to extend the certificate in NPM. That worked, extended until 22.12.22.
Then I did the proxy host entry first with http and no certificate and saved.
Then I went again into this entry, selected to issue a new certificate but DID NOT select to use the DNS challenge where you can then select duckdns in the drop-down menu.
So just like this:
This did then work without issues on first look!
And on first try the same procedure also worked for the second domain entry in duckdns, the domain2.duckdns.org.
So all in all it seems that everything was solved by manually pushing NPM to extend the certificate that was still valid and would have been extended as usual towards end of October anyways.
Very odd, but happy with the result!