It's a DNS-01 challenge as presented in the Challenge Types article I linked above. The token is generated by the Let's Encrypt server, which is then obtained by your chosen ACME client (often builtin to your service or product) then either automatically written to your DNS (if you have configured that) or presented to you to manually write to your DNS.
I don't see a certificateResolver defined (not just referenced) anywhere in your code. Please fully read the Configuration Examples (directly linked-to below) and related documentation. You really don't want to be manually configuring a DNS-01 TXT record if such can be automated. Manual configuration sets you up for failure in the future.
I am just trying to learn and yes in the long run I do not want a manual cert update. I just need to walk before I run. I have read that information many times and ended up with the exact code they have to avoid any confusion.
So you are saying I need a certificate resolver definition?
Why was this not in the example code and ultimately where is the token needed for the DNS record?
What is really frustrating is that I can simply install certbod and run certbot --nginx to manually install a http cert on an aws instance in minutes. This Is taking may days without any results.
You need a domain registrar, and a DNS provider with an API that Traefik can use, to use DNS validation with Traefik and Let's Encrypt. The DNS provider doesn't have to be different from your domain registrar, but neither does it need to be the same.
You need a domain registrar to have a domain regardless of what you may do with it, including doing nothing with it. Assuming that you actually want to use the domain for anything, you need DNS. Some people use their registrar DNS, but many find it does not meet their needs and use a provider that they find more suitable.
I don't use Traefik, so I have no advice that pertains specifically to that application, but DNS-01 challenges are effortless if you use a supported DNS provider.
For automated certificate issuance, you should have a DNS provider which is supported by Traefik (/lego, the underlying ACME client used by Traefik) and have Traefik correctly configured to use the API of that provider.
Manually doing the DNS challenge is NOT recommended, although apparently Traefik does support it, looking at the last entry of the supported DNS providers. It does require Traefik to be run interactively though, so it cannot be automated at all.
My Traefik docker-compose file creates a acme.yaml file with all the certifications. Cloudflare also creates a certificate so which one am I using and/or what needs to be done so that there isn't some additional confusion?