CA can't see port 80 that certbot temporarily serves when Cloudflare is proxying the server A record.
Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
Cleaning up challenges
Some challenges have failed.
Renewals will also then fail (for users that later enable CF proxying).
Solution: install certbot-dns-cloudflare plugin for users that supply an API token.
CA can't see port 80 that certbot temporarily serves when Cloudflare is proxying the server A record.
Renewals will also then fail (for users that later enable CF proxying).
Solution: install certbot-dns-cloudflare plugin for users that supply an API token.