Thanks for the warm welcome and your asistance @MikeMcQ.
That is the setup of a site that we currently use, it is hosted on Azure with Cloudflare. When you register on that site you get assigned a built-in subdomain, but it gives you also the ability to register custom domains. You are instructed to add the required DNS records and once you add all required DNS records and those are validated, then your domain gets registered on Azure and on Cloudflare.
The A record points to Azure, and www is pointed to cloudflare fallback origin in order to utilize the cloudflare custom hostnames feature.
The reason why a record points to azure is a cloudflare plan limitation, and as a workaround the apex domain will always get redirected to www.
Cloudflare for SaaS with Apex Proxying:
This allows you to support apex domains even if your customers are using a DNS provider that does not allow a CNAME at the apex. This is available as an add-on for Enterprise plans. For more details, refer to Apex Proxying.
This is the reasoning behind the current setup
For example, some other domains use the same setup, and the Let's Encrypt order was successfully created, and the certificate was successfully generated and uploaded.
Here is the other domain with the same DNS records that I used for test and on this one everything works:
cookiecode.online
On this domain, the order was without errors for both the apex and www domains. and on communithrive.com it worked for www and consistently failed for the apex domain.