A CNAME record lookup will show our record, but if you do a TXT record lookup on the _acme-challenge subdomain instead, you don’t see it.
Instead, you’ll see several TXT records published there, served directly from Cloudflare’s nameservers.
That’s because Cloudflare needs to set these records to be able to obtain their SSL certificates to protect your website. But this can result in them overriding your own records. As far as I can tell, there is not a lot you can do about this except wait for Cloudflare to finish the SSL setup on their end and remove their records.
In the mean time, you can use Cloudflare with “Full” SSL mode instead, and just use a self-signed certificate on your hosting account. It’s not as secure as “Full (strict)” mode, but it’s secure enough for most websites.