@snk-nick You seem very skilled but this looks suspiciously like an older cloudflare plug-in. Or, the wrong format for the cloudflare ini in the container.
Could you possibly have a pip or other version of certbot in that container? Or pointing to an older format ini file for the certbot command?
I don't have any new ideas to debug the certbot issue. But, other ACME clients support limited scope tokens such as acme.sh (github)
UPDATE:
We cross-posted but I think your cloudlfare.ini format is wrong per one of the links above (this one)
Update2: You showed the correct format for the limited scope token in your first post. The one above was from your post #13