After having issues with ACME wildcard certificates with Let's Encrypt (GitHub issue #5317), I was hoping to get this up and running. However, I seem to have something else configured wrong: my certificate is now fetched correctly without any errors, but when I browse to my "subdomain.mydomain.duckdns.org" addresses I keep ending up on the error page "Your connection is not secure".
I'm running everything with docker-compose, using a static and a dynamic TOML config file, as shown below.
As I'm a new user of Traefik, I'm not at all convinced I got the v1.x and v2 configs sorted out correctly, so I really hope someone can spot where I made my mistake with the TLS config.
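# docker-compose stack: Traefik as the TLS-terminating reverse proxy in front of Jackett.
# Indentation restored (the pasted listing had lost it); port mappings quoted per Compose
# convention. No service, mount, port or label was added or removed.
version: "3.5"

services:
  traefik:
    # NOTE(review): `latest` is a moving tag, so the running version (and its config schema)
    # can change on any pull. Pin an explicit release tag, ideally with an image digest.
    image: traefik:latest
    container_name: traefik
    ports:
      - "80:80"
      - "443:443"
      # NOTE(review): 8080 is the `traefik` entry point, and the static config sets
      # `[api] insecure = true`, so this publishes the dashboard/API on the host without
      # authentication. Drop this mapping or bind it to loopback ("127.0.0.1:8080:8080")
      # unless the dashboard is served through an authenticated router instead.
      - "8080:8080"
    volumes:
      # NOTE(review): access to the Docker socket is equivalent to root on the host.
      # A `:ro` mount does not restrict API calls made through the socket; a filtering
      # socket proxy that only allows read-only endpoints is the usual mitigation.
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik/traefik.static.toml:/etc/traefik/traefik.toml
      - ./traefik/traefik.dynamic.toml:/etc/traefik/dynamic_conf.toml
      # acme.json stores the ACME account key and the certificates' private keys.
      # Traefik expects this file to have mode 600; keep it out of version control.
      - ./traefik/traefik.acme.json:/acme.json
    environment:
      # NOTE(review): the DuckDNS token allows DNS changes for the domain. Prefer an
      # `env_file` excluded from version control (or a secret) over an inline value.
      - DUCKDNS_TOKEN=xxxxx
    networks:
      - traefik-net

  jackett:
    # NOTE(review): same unpinned-tag concern as the traefik image above.
    image: linuxserver/jackett:latest
    container_name: jackett
    restart: unless-stopped
    environment:
      - PUID=1000
      - PGID=100
    volumes:
      - /ssd/jackett/config:/config
    ports:
      # NOTE(review): publishing 9117 on the host makes Jackett reachable over plain HTTP
      # without going through Traefik, so the TLS and `auth@file` basic-auth settings
      # below do not apply to that path. Traefik reaches the container over traefik-net,
      # so this mapping is not needed for the proxied route.
      - "9117:9117"
    networks:
      - traefik-net
    labels:
      # Opt-in is required because the docker provider sets exposedByDefault = false.
      - "traefik.enable=true"
      - "traefik.http.routers.jackett.rule=Host(`jackett.xxxxx.duckdns.org`)"
      - "traefik.http.routers.jackett.entrypoints=https"
      # Basic-auth middleware defined in the file provider (dynamic_conf.toml).
      - "traefik.http.routers.jackett.middlewares=auth@file"
      - "traefik.http.routers.jackett.tls=true"
      # NOTE(review): the `letsencrypt` resolver in the static config points `caServer`
      # at the Let's Encrypt staging directory. Staging certificates are issued without
      # error but are not trusted by browsers, which matches the warning described above.
      - "traefik.http.routers.jackett.tls.certresolver=letsencrypt"
      - "traefik.http.routers.jackett.tls.domains[0].main=*.xxxxxx.duckdns.org"

networks:
  traefik-net:
    name: traefik-net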
traefik.static.toml:
# Traefik static configuration (mounted at /etc/traefik/traefik.toml by the compose file).
[global]
checkNewVersion = true
sendAnonymousUsage = false
[entryPoints]
# Entry point named `traefik`: used by [ping] below and, because [api] sets
# insecure = true, also by the unauthenticated API/dashboard.
[entryPoints.traefik]
address = ":8080"
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
# ACME resolver referenced by the router label `tls.certresolver=letsencrypt`.
[certificatesResolvers.letsencrypt.acme]
email = "xxxxxx"
# Relative path; the compose file mounts the store at /acme.json.
# NOTE(review): presumably resolved against the container's working directory — confirm
# that this is the mounted file, otherwise certificates are lost on container recreation.
# The file holds private keys and should be mode 600.
storage = "acme.json"
# NOTE(review): this is the Let's Encrypt STAGING directory. Issuance succeeds, but staging
# certificates chain to a test root that browsers do not trust, so clients show a
# certificate warning. Once the setup is verified, remove this line or point it at the
# production directory (https://acme-v02.api.letsencrypt.org/directory), and clear the
# staging certificates already saved in acme.json so new ones are requested.
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
# DNS-01 challenge (needed for wildcard certificates) through DuckDNS; the provider reads
# DUCKDNS_TOKEN from the container environment.
[certificatesResolvers.letsencrypt.acme.dnsChallenge]
provider = "duckdns"
# Wait before checking that the challenge record is visible.
# NOTE(review): unit presumably seconds — confirm.
delayBeforeCheck = 30
# NOTE(review): top-level [acme] / [[acme.domains]] is Traefik v1.x syntax. In v2 the
# domains are declared per router (the jackett labels already set tls.domains[0].main),
# so this section looks like a leftover — confirm whether v2 ignores or rejects it.
[acme]
[[acme.domains]]
main = "*.xxxxxx.duckdns.org"
sans = ["xxxxxx.duckdns.org"]
[api]
dashboard = true
# NOTE(review): insecure = true serves the API and dashboard without authentication on the
# `traefik` entry point, which the compose file publishes as host port 8080. That exposes
# the full routing configuration to anyone who can reach the port. Safer: set
# insecure = false and expose `api@internal` through a router on the https entry point
# with an authentication middleware.
insecure = true
[ping]
entryPoint = "traefik"
[providers]
[providers.docker]
network = "traefik-net"
# Requires the Docker socket mounted into the container (see the compose volumes).
endpoint = "unix:///var/run/docker.sock"
# Containers are only routed when they carry the label traefik.enable=true.
exposedByDefault = false
watch = true
# Enable the file provider to define routers / middlewares / services in a file
[providers.file]
filename = "/etc/traefik/dynamic_conf.toml"
watch = true
traefik.dynamic.toml:
# Traefik dynamic configuration (file provider, mounted at /etc/traefik/dynamic_conf.toml).
# Redirect HTTP to HTTPS: a catch-all router on the `http` entry point that applies the
# redirect-to-https middleware to every host.
[http.routers]
[http.routers.redirs]
entryPoints = ["http"]
middlewares = ["redirect-to-https"]
rule = "HostRegexp(`{host:.+}`)"
service = "redir-noop"
[http.services]
# No-op service: a router must reference a service, but the redirect middleware answers
# first, so this URL is never called.
[http.services.redir-noop.loadBalancer]
[[http.services.redir-noop.loadBalancer.servers]]
url = "http://192.168.0.1"
[http.middlewares]
[http.middlewares.redirect-to-https.redirectScheme]
scheme = "https"
# Basic-auth middleware referenced by the jackett router as `auth@file`.
# Entries use the htpasswd format `user:hashed-password`; prefer bcrypt hashes.
# NOTE(review): consider `usersFile` pointing at a file with restricted permissions so
# credential hashes stay out of the shared config. Basic auth is only protected in transit
# when the router is served over TLS (the jackett router uses the https entry point).
[http.middlewares.auth.basicAuth]
users = [
"xxxxx:xxxxx",
]