OK, now the log shows
"2022/01/26 05:58:19.214 ←[31mERROR←[0m tls.issuance.acme looking up info for HTTP challenge {"host": "jmstash.duckdns.org", "error": "no information found to solve challenge for identifier: jmstash.duckdns.org"}"
Looks like from Caddy v2 reverse proxy config for server already running on 443 that enabling tls_insecure_skip_verify is the way to go?