I thought that my TXT record could be updated/submited for the CNAMEd domain (mydomain.duckdns.org), like Caddy server does with the override_domain directive in the DNS challenge plugin, please see this link.
Also, this behavior is supported by Let’s Encrypt, let's see:
Since Let’s Encrypt follows the DNS standards when looking up TXT records for DNS-01 validation, you can use CNAME records or NS records to delegate answering the challenge to other DNS zones. This can be used to delegate the
_acme-challengesubdomain to a validation-specific server or zone. It can also be used if your DNS provider is slow to update, and you want to delegate to a quicker-updating server.
In my case, I can't simply update or change the certificateProviders because my current DNS provider is unsupported (by Traefik).
Regards.