Due to CloudFlare is a reverse proxy, so your TLS sessions are (necessarily) no longer end-to-end-encrypted, meaning CloudFlare (or any adversary that has owned CloudFlare) could read your traffic. So if you have CloudFlare enabled, your domain will not be able to verify, and if can't verify Domain Ownership, your SSL will not work.
So DO NOT USE CloudFlare, if you intend to use Let's Encrypt SSL.
If your site is behind CloudFlare, the best option is to not use Let’s Encrypt at all, but instead to use Cloudflare’s Origin CA: https://blog.cloudflare.com/cloudflare-ca-encryption-origin/
Chinese
English