The DA forum is the best place to ask why that is. Or review the Troubleshooting guide in their docs. It's just below the topic I linked earlier.
An HTTP Challenge can work with or without Always HTTPS, but only if DA sets up your origin server to support that. If it doesn't, there are several ways to configure Cloudflare to support that. See: Cloudflare "Let's Verify You Are Human" stopping letsencrypt challenge - #10 by linkp
What DA requires in this case is best derived from their docs or forum. See: https://forum.directadmin.com/
Generally, all the problems you have described are in using and configuring DirectAdmin. I am sure you will get better results from the experts at the DA forum.