I agree, Let’s encrypt and ACME played a massive role. But it’s still far easier having Cloudflare handle TLS encryption for you.
And i say this as someone who uses ACME in certmanager and certbot at home and still prefers the ease with which Cloudflare generates a cert for my domain and terminates TLS for the public side of my cloudflare tunnel.
For my home stuff I just use nginx-proxy-manager and haven't thought about it since I set it up a couple of years ago.
For work, I used to use certbot directly at my old place. Now I am building my new stuff on k8s, and I have the ingress manage my certs for me (likely using certbot or similar behind the scenes). Both have been extremely low setup effort and no ongoing effort.
I don't like giving Cloudflare my (or my companies/customers) data in exchange for being able to click a checkbox.
And i say this as someone who uses ACME in certmanager and certbot at home and still prefers the ease with which Cloudflare generates a cert for my domain and terminates TLS for the public side of my cloudflare tunnel.