The Certbot renew command cannot renew certs that were created manually. Those require manual intervention (in your case adding a DNS TXT record) and cannot be automated without providing a --manual-auth-hook and related code.
It looks like you are geo-blocking HTTP requests so that is probably why an HTTP Challenge failed. See: Let's Debug
If you want recommendations about that see: Multi-Perspective Validation & Geoblocking FAQ
But, you are using Cloudflare as your DNS provider. You should be able to use the DNS plugin for that to replace your wildcard cert. See:
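Added example, not part of the original reply and not Certbot's own code: a shell check that lists which certificate lineages were issued with the manual authenticator and no auth hook, which is the case `certbot renew` cannot handle unattended. It assumes the renewal configs under `/etc/letsencrypt/renewal` record `authenticator` and `manual_auth_hook` keys; the function names, sample file names and paths are constructed for illustration.

```shell
#!/bin/sh
# Flag Certbot lineages that need a human at renewal time.
# Assumption: renewal configs are INI-style and contain "authenticator = ..."
# plus "manual_auth_hook = <path>" when a hook was supplied at issuance.

# Print the value of one key from a renewal config (empty if absent).
renewal_param() {
    # $1 = config file, $2 = key name
    sed -n -e 's/[[:space:]]*$//' \
        -e "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*\)\$/\1/p" "$1" | head -n 1
}

# Classify a config as "auto", "manual-with-hook" or "manual-no-hook".
classify_lineage() {
    auth=$(renewal_param "$1" authenticator)
    hook=$(renewal_param "$1" manual_auth_hook)
    if [ "$auth" != "manual" ]; then
        echo "auto"
    elif [ -n "$hook" ] && [ "$hook" != "None" ]; then
        echo "manual-with-hook"
    else
        echo "manual-no-hook"
    fi
}

# Print the name of every lineage in a directory that renew cannot automate.
report_manual_lineages() {
    dir=${1:-/etc/letsencrypt/renewal}
    for conf in "$dir"/*.conf; do
        [ -f "$conf" ] || continue
        if [ "$(classify_lineage "$conf")" = "manual-no-hook" ]; then
            basename "$conf" .conf
        fi
    done
}

# Constructed sample configs (not real lineages) so the check runs offline.
make_sample_dir() {
    d=$(mktemp -d)
    printf '[renewalparams]\nauthenticator = manual\npref_challs = dns-01,\n' > "$d/wildcard.example.conf"
    printf '[renewalparams]\nauthenticator = manual\nmanual_auth_hook = /usr/local/bin/add-txt.sh\n' > "$d/hooked.example.conf"
    printf '[renewalparams]\nauthenticator = dns-cloudflare\ndns_cloudflare_credentials = /root/.secrets/cloudflare.ini\n' > "$d/cf.example.conf"
    echo "$d"
}

demo_dir=$(make_sample_dir)
report_manual_lineages "$demo_dir"
rm -rf "$demo_dir"
```

Run `report_manual_lineages` with no argument on the Certbot host to check the real renewal directory; any name it prints is a certificate that will expire unless it is reissued with a DNS plugin or a hook.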