Does it have Zone.Zone:Read
as well? (See: GitHub - caddy-dns/cloudflare: Caddy module: dns.providers.cloudflare)
I would recommend manually swapping to the LetsEncrypt staging endpoint while you’re testing this deployment.
You won’t get trusted certificates from the staging endpoint, but the rate limits are greatly relaxed there and you can test away until you get a good result before swapping back to the production endpoint for real certs.
I believe Caddy can do this automatically if it detects a certain amount of failures but it’s best to be nice to the ACME server here and avoid the risk of a rate limit for yourself in the process.