Hint: The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.
My web server is (include version):
The operating system my web server runs on is (include version):
Ubuntu 20.04
My hosting provider, if applicable, is:
Cloudflare
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.21.0
It looks like you changed your Cloudflare config since you posted. Your Cloudflare now redirects HTTP requests for .well-known/acme-challenge to HTTPS. But, the standalone authenticator for certbot only listens on port 80 (http). Trying an HTTPS request of any kind gets a 502 error from your nginx server (a proxy statement is likely failing).
You might want to try using a Cloudflare Origin CA certificate for your origin server. This is setup in your Cloudflare config and does not require you to run certbot. This Origin CA cert allows HTTPS requests between your origin server and the Cloudflare Edge.
[this would require the HTTPS server continue to run while HTTP service is stopped]
[which is likely done easiest by using only one web server (for HTTPS)]
[OR two web servers - one only for HTTP and another for HTTPS, then stopping HTTP for certbot]
If that sounds a bit extreme...
Well, it is!
You could also take a very much more simple path and just use the --webroot challenge to have HTTP and HTTPS route challenge requests to the same folder [making both reach their expected location].
By the way, @Milenko, the original error affecting the IP address beginning in 3.124 is typically a router or firewall error where Let's Encrypt is not able to make an inbound connection to the server because a firewall prevents the connection (in a moderately unusual way).
I read all comments,and made a lot of changes.
docker-compose run --rm certbot certonly --webroot --webroot-path /var/www/certbot/ -d outline.quantox.dev
Confirm that — if you have your SSL/TLS mode set to Full or Full (Strict ) — you have installed a Cloudflare Origin Certificate
If you have Cloudflare proxying your site, you need to have your origin server already listening on HTTPS on port 443 (serving the site's actual content there). In addition, if you don't already have a certificate, you need to not have "SSL/TLS mode set to Full or Full (Strict)", or else you have to use Cloudflare's origin CA.
Having your site behind Cloudflare may be useful for many reasons, but it somewhat complicates obtaining and using a Let's Encrypt certificate, and also complicates debugging (since we can't directly see the underlying error that prevented communications with your server!).