I can think of a lot of reasons why that might be the case! primary one being that your SSL is being cached with the cloudflare responses.
There isn’t a guide to use cloudflare with SSL on your server because that isn’t feasible at all. for SSL thing to happen (in case of letsencrypt anyway) your server needs to say hello on port 80 & 443 which in the case of cloudflare is proxied by their servers so the ACME server doesn’t gets the desired response and SSL creation/renewal fails.
for Site to work in SSL, easiest way is to use the cloudflare template on your server and use their certificate in flexible mode. You can as well remove your nginx server installed on your server and simply open port 80 in for docker. if you need additional security, you can set up firewall to disallow connections from anything other than cloudflare IPs to your server.
hmmm … I’m not sure. I’ve never had a good time with cloudflare and discourse. There had been a lot of issues in setting it up and even after I managed to get it up & running, most of the things failed on me because there are a lot of tools in cloudflare which do very aggressive caching and discourse doesn’t likes it.
final choice still would be yours if you have to have cloudflare then use the method I suggested. this is the “most likely would work” type of situation but I won’t take any responsibility if cloudflare decides to be funny and doesn’t lets it work.
that speaks for itself! this is the cloudflare proxy ssl not the one being served from your server.