Had a ton more problems when the cert didn’t renew last night. But seem to have fixed it by adding another CNAME:
_acme-challenge.mydomain.com
pointing to
_acme-challenge.mydomain.duckdns.org
Not sure why the *.mydomain stopped working, but adding the above and then rebooting got me up and running again.