I’m also using Let’s Encrypt and Duck DNS. Local access works fine. Remote access works fine on my laptop. Access from the (Android, in my case) app doesn’t work. So, basically the same symptoms.
I REALLY need to make a video explaining how DNS and certificates actually work. This topic seems to be posted here at least 3x a week.
If you have a certificate installed ON your HA server, your internal and external URLs should be the same. Do not use the IP of HA, do not use homeassistant.local, none of that. The FQDN portion of the internal URL should be the exact same as the external.
Then, install the DNSMasq add-on. Create an A record for whatever your external FQDN is, and provide the internal IP address of your HA server.
Then, change your DHCP server to hand out the IP address of your HA server as the DNS server for your internal network.
As for accessing it, on your companion app set the external URL to be https://< myHAserver.com > and the internal URL to be https://< myHAserver.com:8123 >. Or, you can do away with that external NAT and simply use 8123 for both, which is marginally less confusing.
Problem solved. No more of this hairpinning the firewall nonsense, and no more certificate mismatches.
That really depends on how the setup is.
If no port is given, then port 443 is assumed with https.
But I agree a video on how DNS relate to IP addresses and how certificates do not would nice.
Correct on both counts, fixed my response. Thank you for that! Been a while since I had actually looked at that part of my config. LOL
That video has actually been on my to-do list for quite a while now, and the script is partly written already. Just haven’t had time between work and other videos. Need to spin up an azure lab to get all the screenshots of a DNS server since I think seeing the whole thing visually is what people need; looking at a bunch of text for A and CNAME records isn’t likely to make it “click” for most people. If you have any pointers or suggestions for specific things you think should be included in that video, please feel free to PM me (I don’t want to clutter up this thread).
Thanks!
Before you re-instal and re-configure your whole setup, drop the device on which you getting the error from the network.
I hit reconnect for my iphone in the wifi management app and it got a new fresh lease and everything works now…
I almost re installed homeassistant 
Seems this was just an accidental fix. Got the issue again and can’t fix it with the network drop anymore
My external url is set to “cloud”. Thus can’t replicate the inetrnal to the same.
Also the error sometimes appears, sometimes not and I am able to use HA on my iOS device on local nezwork just fine.
Judging from this - the companion app settings are OK, there is something else at play - something on the network itself - any ideas?
That’s why the first response with router routing the comm as direct local made most sense…