These are easily resolved in your Cloudflare Configuration. I find it helpful to create a Page Rule for the following:
Allow ACME challenge
*example.com/.well-known/acme-challenge/*
Disable Security
SSL: Off
Cache Level: Bypass
Disable Performance
I use the new Configuration Rules and Cache Rules in Cloudflare instead of a Page Rule, but I didn’t have an example handy to share right now.