Dear treefiddy,
Hello and I hope that all is well. I just put up a Let's Encrypt Tutorial / How To for DuckDNS and I imagine you can modify those instructions to fit your DDNS preferred service if you wish to. Here is the link to the topic on the main OpenWrt Forum:
I hope that this helps as I know what it is like to struggle with the issue that you are dealing with. Hopefully this assists others as well. Happy Father's Day To All