If you can’t use port 80 but you can use port 443, that’s fine, because you can use the ACME TLS-ALPN challenge which happens over port 443, rather than the ACME HTTP challenge (port 80).
But looking at your logs, there’s clearly still a problem with Let’s Encrypt trying to reach your server on port 443. Are you sure your ISP allows that port to be used?
To turn off the HTTP challenge since you now know it won’t work, you can add this to your Caddyfile:
tls {
issuer acme {
disable_http_challenge
}
issuer zerossl {
disable_http_challenge
}
}
It’s a bit wordy, but this will keep both ACME issuers enabled but turn off the HTTP challenge.
Alternatively, you can use the ACME DNS challenge, which in your case should be quite easy to do since you use duckdns. I actually wrote the duckdns plugin for Caddy to make this work!
This will let you get around any restrictions on ports 80 and 443 for the purposes of ACME, but you’ll still need to find a port that your ISP doesn’t block that you can use for HTTPS (in your config you could use https://palmiotto.duckdns.org:8443 for example, as your site address)