You can always use vpn to workaround that. Its also saver. Your Router should have some sort of VPN like wireguard. If not, you can also use a home assistant vpn addon.
some progression, maybe…
using my wifi
the laptop:
both www.duckdns.org and mydomain.duckdns.org work on Safari but not on Chrome (error: ERR_TUNNEL_CONNECTION_FAILED)
my phone:
works for both
using my mobile network
the laptop hot-spotting from my phone:
chrome: ERR_TUNNEL_CONNECTION_FAILED for both
safari both popup saying "the website did not accept the certificate “unknown” and prompt me to select a certificate, none of the selections work
my phone:
www.duckdns.org and mydomain.duckdns.org gives an ERR_SSL_PROTOCOL_ERROR
This indicates a failure on the DNS service.
When you are internally then they all work, except Chrome, which might be set up with its own DNS servers, instead of the ones provided over the DHCP on the Wifi or it uses DNS-over-HTTPS, so it will act as external too.
What happens when you look up your addresses here: https://ping.eu/
And what happens when you ping and traceroute them?
Ping:
64 bytes from “my ip”: icmp_seq=1 ttl=55 time=37.8 ms
…
| packets transmitted | 4 |
|---|---|
| received | 4 |
| packet loss | 0 % |
| time | 3011 ms |
DNS lookup:
Using domain server:
Name:
127.0.0.1
Address:
127.0.0.1#53
Aliases:
mydomain.duckdns.org has address “my ip”
mydomain.duckdns.org mail is handled by 50 mydomain.duckdns.org.
trace route
1 ***** ***** *****
| 2 | static.213-239-254-169.clients.your-server.de | 213.239.254.169 | de | 1.731 ms | * | |
|---|---|---|---|---|---|---|
| static.213-239-254-193.clients.your-server.de | 213.239.254.193 | de | 0.249 ms |
| 3 | static.213-239-254-214.clients.your-server.de | 213.239.254.214 | de | 2.648 ms | ||
|---|---|---|---|---|---|---|
| juniper4.nbg1.hetzner.com | 213.239.252.229 | de | 2.883 ms | |||
| static.213-239-254-234.clients.your-server.de | 213.239.254.234 | de | 2.741 ms |
| 4 | ae12-498.nbg40.core-backbone.com | 5.56.20.253 | de | 2.749 ms | ||
|---|---|---|---|---|---|---|
| ae12-500.nbg40.core-backbone.com | 80.255.9.21 | de | 2.737 ms | |||
| ae12-499.nbg40.core-backbone.com | 81.95.15.5 | de | 2.725 ms |
5 ae3-2072.lon10.core-backbone.com 80.255.15.166 de 15.442 ms 15.267 ms 15.276 ms
| 6 | core-backbone.virginmedia.com | 5.56.20.74 | de | 15.522 ms | ||
|---|---|---|---|---|---|---|
| core-backbone.virginmedia.com | 80.255.14.250 | de | 15.289 ms | |||
| core-backbone.virginmedia.com | 5.56.20.74 | de | 15.522 ms |
7 ***** ***** *****
8 ***** ***** *****
| 9 | leed-core-2a-ae4-0.network.virginmedia.net | 82.15.94.254 | gb | 23.777 ms | ||
|---|---|---|---|---|---|---|
| gb |
10 ***** ***** *****
11 ***** ***** *****
12 ***** ***** *****
13 ***** ***** *****
14 ***** ***** *****
No reply for 5 hops. Assuming we reached firewall.
See if you can log the dropped/rejected packets from the traceroute. It should be either ICMP Echo Request (type 8) or UDP packets from ports 33434 ti 33534.
Also when a device can not connect with HTTPS have you then tried with HTTP instead. It should not be possible, but if it is, then your HTTPS configuration is faulty.
Silly question, but how do i get the traceroute to log the dropped packets?
I’m unable to connect to HTTP, it either redirects to https, or on my mobile network, it gets blocked
You log them on your firewall rules in your firewall.
You should also be able to see your connection attempts from your external devices too.
My very helpful router doesn’t log anything from the firewall, or at least nothing other than login attempts to the router itself - thanks Virgin Media 
What router is that?
Hub 3.0 - at least that’s what my router page tells me
Just stumbled over this thread and thought it might be relevant here.
Good find, thanks for posting and helping me work out what is going on.
And thanks O2 
At least now I can try to solve it either by updating my DNS or some other way. For now, I can access it from pretty much any wifi network, just not my mobile network.
I did message O2 and ask about this - i got this response, which i’m not sure is correct, as i’ve been able to access duck DNS on other wifi’s, though haven’t tried another phone just yet
18 Dec 2023 11:17
Hi Martin
Nadia here and I’m sorry to hear that you haven’t been able to access duckdns.org.
We’ve checked out that domain from a different network and found that it can’t be accessed from their either so the issue isn;t with your SIM or network connection.
You’ll need to contact the provider for duckdns.org to find out what’s up.
Sorry I can’t help further this time Martin. Anything else though, just ask and we’ll get onto it, otherwise, have a great day giffgaffer.
Nadia at giffgaff | the Ask an Agent Crew