My web server is:
Caddy, 0.11.5
The operating system my web server runs on is:
Ubuntu server 16
My hosting provider, if applicable, is:
OVH
I can log in to a root shell on my machine
I don’t know, I normally ssh
I’m using a control panel to manage my site
No
The version of my client is
caddy 0.11.5
Yeah, putting Cloudflare (“with the orange cloud” enabled) or any CDN in a similar fashion in front of your site will break the TLS-ALPN challenge, so renewals will fail with that in Caddy 0.11.5.
Caddy 0.11.5 has a known bug from an upstream dependency, go-acme/lego, which does not try the other challenge types (such as HTTP) even though they are enabled. It was introduced in a change that had like a quarter million lines updated, so it went unnoticed in a review, but the bug report is still open. The latest version of Caddy (v1.0.1) works around this limitation, and now the latest Caddy again has the most robust, reliable ACME challenge implementation of any server: it randomizes challenge selection among enabled challenges, and will retry if one fails. (It used to do this, but that was when lego was working correctly.)
In any case, you should upgrade your Caddy version to benefit from this. Once the rate limit expires, you can get a certificate. To be absolutely correct, though, you should also disable the TLS-ALPN challenge since it will not work behind Cloudflare anyway: https://caddyserver.com/docs/cli#disable-tls-alpn-challenge