If you include “https://xxxx.duckdns.org” in an http: entry (in configuration.yaml) you subsequently ONLY be able to access your HA using “https://xxxx.duckdns.org” and not be able to get to it from (say) 192.168.0.200:8123 locally on your lan (which is a bugger if your phone line is down etc.)
Please look at : - DuckDNS - It's not just me - it's you! everything you should need is in there unless you need to wipe out your existing config (see earlier in same thread) It also means that as https defaults to port 443 you can just expose port 443 and direct it to 443 on your HA (encrypted all through) 8123 is not encrypted. No other ports required.