I moved away from Page Rules for ACME challenge configs in Cloudflare. I use the Configuration and Cache Rules now. I don’t make any specific WAF changes, only the following:
Configuration Rules:
Name: ACME Challenge
Expression: (starts_with(http.request.uri.path, "/.well-known/acme-challenge/"))
Automatic HTTPS Rewrites: Off
Browser Integrity Check: Off
Opportunistic Encryption: Off
Security Level Essentially Off
SSL: Off
Cache Rules:
Name: ACME Challenge
Expression: (starts_with(http.request.uri.path, "/.well-known/acme-challenge/"))
Cache status: Bypass cache