I’m having the same problem. Even in staging.
Using certbot I can successfully obtain a cert in staging:
sudo certbot --dns-cloudflare certonly --staging --email emillynge24@gmail.com -d hildemil.net --dns-cloudflare-credentials /root/cloudflare.ini
Which suggests that there is some issue with the Caddy plugin rather than the DNS setup or the Cloudflare API.
I know it doesn’t solve the problem you’re having with DNS validation, but if you’ve got ports 80 and 443, why not use regular HTTP validation?
For me, the problem here is a matter of being able to hotswap an instance. If I have to set up an entirely new proxy, I cannot obtain certificates until the proxy is live, which will cause downtime until new certs are obtained.
Also, I like to be able to test my setup locally using Docker containers, in which case it is nice to be able to get certificates even when my proxy is not publicly reachable.