Does Fortigate provide some kind of HTTP API or programmatic interface to install domain certificates?
For the automated issuance and renewal of certificates from your Mac, I would suggest using DNS validation with an ACME client that supports Cloudflare, such as: https://github.com/acmesh-official/acme.sh/wiki/dnsapi#1-cloudflare-option . You can potentially use Certbot too, I’m just not sure how easy it is to install certbot-dns-cloudflare via Homebrew.
However, you still need to automate the bit where you deploy the certificate to the Fortigate device. To do this, you would write a “deploy hook” (basically a shell script) which performs the commands to upload the certificate to the firewall. You can find some examples here: https://github.com/acmesh-official/acme.sh/wiki/deployhooks and see how they are implemented here: https://github.com/acmesh-official/acme.sh/tree/master/deploy .
There’s a deploy hook there for Palo Alto firewalls, perhaps you can base a Fortigate one on that.
And again, you could potentially do the same in Certbot, which also has its own “deploy hooks”.
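As an added illustration (not part of the original post and not code from the acme.sh project), here is the shape such a deploy hook could take, with the safety checks worth running before anything is pushed to a firewall. The hook name `fortigate` and the `FGT_UPLOAD_CMD` variable are assumptions; the actual upload step is left to a site-specific command because the thread does not establish which interface the device offers.

```shell
#!/usr/bin/env sh
# Added example: skeleton of an acme.sh deploy hook (would live in deploy/fortigate.sh).
# The hook name "fortigate" and the FGT_UPLOAD_CMD variable are assumptions,
# not part of acme.sh or of any Fortinet tooling.

# Succeeds only if the private key belongs to the leaf (first) certificate.
_fgt_pair_matches() {
  _key="$1"; _chain="$2"
  _cert_pub=$(openssl x509 -in "$_chain" -noout -pubkey 2>/dev/null) || return 1
  _key_pub=$(openssl pkey -in "$_key" -pubout 2>/dev/null) || return 1
  [ -n "$_cert_pub" ] && [ "$_cert_pub" = "$_key_pub" ]
}

# acme.sh calls <hookname>_deploy with: domain, key, cert, CA cert, full chain.
fortigate_deploy() {
  _cdomain="$1"; _ckey="$2"; _ccert="$3"; _cca="$4"; _cfullchain="$5"

  if [ -z "${FGT_UPLOAD_CMD:-}" ]; then
    echo "FGT_UPLOAD_CMD is not set" >&2; return 1
  fi
  for _f in "$_ckey" "$_cfullchain"; do
    if [ ! -s "$_f" ]; then echo "missing or empty file: $_f" >&2; return 1; fi
  done
  # Refuse to push a certificate that has already expired.
  if ! openssl x509 -in "$_cfullchain" -noout -checkend 0 >/dev/null 2>&1; then
    echo "certificate for $_cdomain is expired or unreadable" >&2; return 1
  fi
  # Refuse to push a key that does not match the certificate.
  if ! _fgt_pair_matches "$_ckey" "$_cfullchain"; then
    echo "key does not match certificate for $_cdomain" >&2; return 1
  fi
  # Hand file paths (never file contents) to the site-specific uploader.
  "$FGT_UPLOAD_CMD" "$_cdomain" "$_ckey" "$_cfullchain" || {
    echo "upload failed for $_cdomain" >&2; return 1
  }
}
```

A non-zero return makes acme.sh report the deploy as failed, so a mismatched or expired pair never reaches the device silently.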