I had it issuing good certs, but I had to kill that server and spin up a new one. With this new instance, I'm doing the same thing, but its only falling back to a self signed cert now. Please see my logs and help would be most appreciated. I'm using Cloudfalre Global API method and choosing Prod Wildcard. This is the error right before it fails:

Expecting 201, got 400 {"type":"urn:ietf:params:acme:error:malformed","detail":"No Key ID in JWS header","status":400} cert:

And here is the full log of the event:
checkCerts
Nov 19 21:39:09 box:settings initCache: pre-load settings
Nov 19 21:39:09 box:taskworker Starting task 46. Logs are at /home/yellowtent/platformdata/logs/tasks/46.log
Nov 19 21:39:09 box:tasks update 46: {"percent":1,"message":"Ensuring certs of my.purchasing.team"}
Nov 19 21:39:09 box:reverseproxy ensureCertificate: my.purchasing.team cert does not exist
Nov 19 21:39:09 box:reverseproxy ensureCertificate: getting certificate for my.purchasing.team with options {"prod":true,"performHttpAuthorization":false,"wildcard":true,"email":"potter.jason@gmail.com"}
Nov 19 21:39:09 box:cert/acme2 getCertificate: attempt 1
Nov 19 21:39:09 box:cert/acme2 getCertificate: start acme flow for my.purchasing.team from https://acme-v02.api.letsencrypt.org/directory
Nov 19 21:39:09 box:cert/acme2 getCertificate: will get wildcard cert for *.purchasing.team
Nov 19 21:39:10 box:cert/acme2 registerUser: registering user
Nov 19 21:39:10 box:cert/acme2 sendSignedRequest: using nonce 0102PdcGurIqBMonW7RI5yn6QbZZzA6Og4bD7sQcZ1napnw for url https://acme-v02.api.letsencrypt.org/acme/new-acct
Nov 19 21:39:10 box:cert/acme2 newOrder: *.purchasing.team
Nov 19 21:39:10 box:cert/acme2 sendSignedRequest: using nonce 0101f5JeVl7SEOEArPc6QQYUrMc6Bu29bkeldkpInsIVw-E for url https://acme-v02.api.letsencrypt.org/acme/new-order
Nov 19 21:39:10 box:cert/acme2 getCertificate: attempt 2
Nov 19 21:39:10 box:cert/acme2 getCertificate: start acme flow for my.purchasing.team from https://acme-v02.api.letsencrypt.org/directory
Nov 19 21:39:10 box:cert/acme2 getCertificate: will get wildcard cert for *.purchasing.team
Nov 19 21:39:10 box:cert/acme2 registerUser: registering user
Nov 19 21:39:11 box:cert/acme2 sendSignedRequest: using nonce 0101Nm_b8c1vMsJggeUjYsVInB_Iiuh66TxvJzxuCy8fs08 for url https://acme-v02.api.letsencrypt.org/acme/new-acct
Nov 19 21:39:11 box:cert/acme2 newOrder: *.purchasing.team
Nov 19 21:39:11 box:cert/acme2 sendSignedRequest: using nonce 0102pGNISIKlY6Ne4308t2u5xJ2QHR2i7ypdntEKp5dxxq8 for url https://acme-v02.api.letsencrypt.org/acme/new-order
Nov 19 21:39:11 box:cert/acme2 getCertificate: attempt 3
Nov 19 21:39:11 box:cert/acme2 getCertificate: start acme flow for my.purchasing.team from https://acme-v02.api.letsencrypt.org/directory
Nov 19 21:39:11 box:cert/acme2 getCertificate: will get wildcard cert for *.purchasing.team
Nov 19 21:39:11 box:cert/acme2 registerUser: registering user
Nov 19 21:39:11 box:cert/acme2 sendSignedRequest: using nonce 0002gScWLsKRatFyL1MziFsrdGIhXLql6F-Dy1MRnhxIpPM for url https://acme-v02.api.letsencrypt.org/acme/new-acct
Nov 19 21:39:11 box:cert/acme2 newOrder: *.purchasing.team
Nov 19 21:39:11 box:cert/acme2 sendSignedRequest: using nonce 0002JTYqZHfzYxzN0ARR-HIJ5GCO8iGPQFPWyaQp7PcApQs for url https://acme-v02.api.letsencrypt.org/acme/new-order
Nov 19 21:39:12 box:reverseproxy ensureCertificate: error: Failed to send new order. Expecting 201, got 400 {"type":"urn:ietf:params:acme:error:malformed","detail":"No Key ID in JWS header","status":400} cert: /home/yellowtent/platformdata/nginx/cert/.purchasing.team.cert
Nov 19 21:39:12 box:reverseproxy ensureCertificate: renewal of my.purchasing.team failed. using fallback certificates for purchasing.team
Nov 19 21:39:12 box:tasks update 46: {"percent":51,"message":"Ensuring certs of your.purchasing.team"}
Nov 19 21:39:12 box:reverseproxy ensureCertificate: your.purchasing.team cert does not exist
Nov 19 21:39:12 box:reverseproxy ensureCertificate: getting certificate for your.purchasing.team with options {"prod":true,"performHttpAuthorization":false,"wildcard":true,"email":"potter.jason@gmail.com"}
Nov 19 21:39:12 box:cert/acme2 getCertificate: attempt 1
Nov 19 21:39:12 box:cert/acme2 getCertificate: start acme flow for your.purchasing.team from https://acme-v02.api.letsencrypt.org/directory
Nov 19 21:39:12 box:cert/acme2 getCertificate: will get wildcard cert for *.purchasing.team
Nov 19 21:39:12 box:cert/acme2 registerUser: registering user
Nov 19 21:39:12 box:cert/acme2 sendSignedRequest: using nonce 00018F_zGIlrPdLOrxTHooFI9bYT44j1VCXXIcAYv1uc63Y for url https://acme-v02.api.letsencrypt.org/acme/new-acct
Nov 19 21:39:12 box:cert/acme2 newOrder: *.purchasing.team
Nov 19 21:39:12 box:cert/acme2 sendSignedRequest: using nonce 0101xg4MHIhmz1ELkpsliLeqMMJJ3Us6EFkLQMp8irJcxLc for url https://acme-v02.api.letsencrypt.org/acme/new-order
Nov 19 21:39:12 box:cert/acme2 getCertificate: attempt 2
Nov 19 21:39:12 box:cert/acme2 getCertificate: start acme flow for your.purchasing.team from https://acme-v02.api.letsencrypt.org/directory
Nov 19 21:39:12 box:cert/acme2 getCertificate: will get wildcard cert for *.purchasing.team
Nov 19 21:39:12 box:cert/acme2 registerUser: registering user
Nov 19 21:39:13 box:cert/acme2 sendSignedRequest: using nonce 0102RXrZtuvwl0ZAzXcZ-vIW9xhR2Dz2ofNrddh0tQmar0s for url https://acme-v02.api.letsencrypt.org/acme/new-acct
Nov 19 21:39:13 box:cert/acme2 newOrder: *.purchasing.team
Nov 19 21:39:13 box:cert/acme2 sendSignedRequest: using nonce 0001Mtwhwo88-f3pNFyHnulY8nQY-D2kLwY9I8JY5ebKNI8 for url https://acme-v02.api.letsencrypt.org/acme/new-order
Nov 19 21:39:13 box:cert/acme2 getCertificate: attempt 3
Nov 19 21:39:13 box:cert/acme2 getCertificate: start acme flow for your.purchasing.team from https://acme-v02.api.letsencrypt.org/directory
Nov 19 21:39:13 box:cert/acme2 getCertificate: will get wildcard cert for *.purchasing.team
Nov 19 21:39:13 box:cert/acme2 registerUser: registering user
Nov 19 21:39:13 box:cert/acme2 sendSignedRequest: using nonce 01022s16KNDTHAUDZGrXbSRSbWX_slAv6vBqTiYkBCsM5r4 for url https://acme-v02.api.letsencrypt.org/acme/new-acct
Nov 19 21:39:13 box:cert/acme2 newOrder: *.purchasing.team
Nov 19 21:39:14 box:cert/acme2 sendSignedRequest: using nonce 00029Ri5TwTJTIu77h4voLkYbkOntGJuf9dOX9lOHC8K8yM for url https://acme-v02.api.letsencrypt.org/acme/new-order
Nov 19 21:39:14 box:reverseproxy ensureCertificate: error: Failed to send new order. Expecting 201, got 400 {"type":"urn:ietf:params:acme:error:malformed","detail":"No Key ID in JWS header","status":400} cert: /home/yellowtent/platformdata/nginx/cert/.purchasing.team.cert
Nov 19 21:39:14 box:reverseproxy ensureCertificate: renewal of your.purchasing.team failed. using fallback certificates for purchasing.team
Nov 19 21:39:14 box:reverseproxy renewCerts: Renewed certs of []
Nov 19 21:39:14 box:reverseproxy cleanupCerts: start
Nov 19 21:39:14 box:reverseproxy expiryDate: /home/yellowtent/platformdata/nginx/cert/default.cert notAfter=Jan 17 18:03:54 2024 GMT daysLeft=788.517127962963
Nov 19 21:39:14 box:reverseproxy expiryDate: /home/yellowtent/platformdata/nginx/cert/potterlabs.xyz.host.cert notAfter=Jan 29 02:46:13 2024 GMT daysLeft=799.8798477662037
Nov 19 21:39:14 box:reverseproxy expiryDate: /home/yellowtent/platformdata/nginx/cert/purchasing.team.host.cert notAfter=Jan 26 14:49:29 2024 GMT daysLeft=797.3821161805555
Nov 19 21:39:14 box:reverseproxy cleanupCerts: done
Nov 19 21:39:14 box:taskworker Task took 4.248 seconds
Nov 19 21:39:14 box:tasks setCompleted - 46: {"result":null,"error":null}
Nov 19 21:39:14 box:tasks update 46: {"percent":100,"result":null,"error":null}