Wildcard certificates with Let's Encrypt require API access to verify ownership of the domain.
Visit https://dash.cloudflare.com/profile/api-tokens to create an API Token.
You will need to create an API Token with the following permissions:
- Zone / Zone / Read
- Zone / DNS / Edit
It should look like this:
Do not use API Keys:
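
Added example, not part of the original page: a Python check that a token definition grants exactly the two permissions listed above. It assumes the token JSON has the shape of Cloudflare's API v4 token object and that the dashboard entries appear there as `Zone Read` and `DNS Write`; the wildcard-scope check goes beyond what the page asks, and the sample tokens are constructed.

```python
# Added example: audit a Cloudflare API token definition for least privilege.
# Assumption: the dict mirrors Cloudflare's API v4 token object
# (status, policies[].effect / resources / permission_groups[].name).

# Assumed API-side names for "Zone / Zone / Read" and "Zone / DNS / Edit".
REQUIRED = {"Zone Read", "DNS Write"}

# Constructed samples (zone id is a placeholder, not a real identifier).
SCOPED_TOKEN = {
    "status": "active",
    "policies": [{
        "effect": "allow",
        "resources": {"com.cloudflare.api.account.zone.ZONE_ID_PLACEHOLDER": "*"},
        "permission_groups": [{"name": "Zone Read"}, {"name": "DNS Write"}],
    }],
}
BROAD_TOKEN = {
    "status": "active",
    "policies": [{
        "effect": "allow",
        "resources": {"com.cloudflare.api.account.zone.*": "*"},
        "permission_groups": [{"name": "Zone Read"}, {"name": "DNS Write"},
                              {"name": "Zone Settings Write"}],
    }],
}


def audit_token(token):
    """Return a list of findings; an empty list means nothing to fix."""
    findings = []
    if token.get("status") != "active":
        findings.append("token status is %r, not active" % token.get("status"))
    granted = set()
    for policy in token.get("policies", []):
        if policy.get("effect") != "allow":
            continue  # deny policies grant nothing
        granted |= {str(g.get("name")) for g in policy.get("permission_groups", [])}
        for resource in policy.get("resources", {}):
            if resource.endswith(".*"):  # wildcard resource: every zone or account
                findings.append("wildcard resource scope: " + resource)
    findings += ["missing permission: " + n for n in sorted(REQUIRED - granted)]
    findings += ["excess permission: " + n for n in sorted(granted - REQUIRED)]
    return findings


if __name__ == "__main__":
    for label, tok in (("scoped", SCOPED_TOKEN), ("broad", BROAD_TOKEN)):
        print(label, audit_token(tok) or "OK")
```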