No IP from DuckDNS and Dedyn.io

[Cobra]

With my internet connection I received a router that assigns me two dynamic IPs, IPV6 and IPV4.
IPV4 is quite stable because it seems to only change when the router is rebooted.
IPV6, instead, always changes at midnight and, I think, even during the day.
So, I created two accounts on DuckDNS and Dedyn.io.
There's no DDNS setting on the router.
However, no matter how hard I try in OpnSense, I can't get an IP address to assign Let's Encrypt certificates for an internal NAS.
At this point, the problem is either the ISP or a misconfigured firewall.
I also looked at guides for configuring the WAN interface with IPv6, but I'm holding off to avoid creating a mess because I know very little about IPv6.
I've now reset OpnSense to its default configuration, meaning there are no WAN or LAN rules.
OpnSense is version 26.1.6, and the only plugins installed are OS-ddclient and os-isc-dhcp.
Thanks in advance for your help.

[OPNenthu]

IPV6, instead, always changes at midnight and, I think, even during the day.

Yeah, it's interesting to compare what different residential ISPs do w.r.t dynamic IPv6.  I have experience with two here: Comcast and Verizon.  They are very different.  In both cases with DHCPv6-PD in OPNsense, the former one uses long-lived prefixes that rarely change (you could be forgiven for thinking it's static) and the latter changes them almost every time you look!  There are annoying tradeoffs either way.

The problem with the long-lived prefix is that SLAAC clients, especially those with privacy extensions, break whenever the modem reboots and causes a prefix deprecation for the same prefix that is going to be used again.  It doesn't sound too problematic until you realize that Comcast reboots frequently (it feels like weekly, at least).

The problem with the short-lived ones is just that your clients accumulate all the prefixes and if they're using privacy extensions you could imagine dozens of deprecated addresses in 'ip a' or 'ifconfig' output :P  But the network heals quickly / doesn't break.  (Side note: I bet these are probably the users that complain the most about all of the addresses appearing in Hostwatch / Automatic Discovery.)

I digress.

I created two accounts on DuckDNS and Dedyn.io.

Why both?

I use DuckDNS and it does work with the os-ddclient plugin.  I use the native backend in General Settings with interval=300.

Attaching a screenshot of my IPv4 ddclient config.  Put your DuckDNS domain name in the "Hostname(s)" field.  For IPv6 you would just clone it and change the "Check ip method" to "Interface [IPv6]". 

Once that is working, then you can move on to setting up the ACME client with the DNS-01 challenge type.  You'll need the DuckDNS API token.  There's one "gotcha" that's very important for certificate renewal to work with DuckDNS: you need to set the "DNS Sleep Time" parameter in the challenge type settings to some value (I use 120) which gives enough time for propagation.  Else it tends to fail.