Did you replace your domain with mydomain.duckdns.org in the logs, or did you just not configure the client with your domain? I’m not sure how it would have ever worked if that was the case, though. Either way, it tells you the DNS challenge record is missing.
Can you put the second SSID on a different subnet and block the traffic between them on your router?