Sorry, I thought you were using one of the AWS load balancer (they also provide one for Lightsail instances) instead of Cloudflare. Yes, load balancers are paid services. You can get more information about the differences between CDN and load balancers in the link below
Apart from that, I checked your DNS configuration using the whatsmydns.net service. Your domain name points to multiple IP address and it means that you are using either a CDN or a load balancer. Therefore, the bncert tool won't find any DNS entry pointing to your server IP address (and it compares if the IP address of the machine running the bncert tool is configured in the DNS providers)
I've just found a similar thread on our forum (linked below) about using Cloudflare and Let's Encrypt. Can you check if it helps you to fix your issue?
Hope it helps,