Pretty much everyone uses Let’s Encrypt for their certs. They are free, and often built in to your reverse proxy.
Since you have multiple services, I’ll assume you have a reverse proxy set up. So just google Let’s Encrypt and the name of your reverse proxy and you should find a tutorial.
I’m not sure how using DynDNS impacts on this. If you have your own domain, use Cloudflare Tunnels. You install the software on your server, and it keeps a connection to Cloudflare. No port forwarding, no problems with IP addresses, you can use it behind CGNAT. It also will provide SSL for you for the browser to Cloudflare part, but I highly recommend still setting up Let’s Encrypt for the Cloudflare to Server part.