So, when launching the renew I get a “unauthorized” and “To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.”
DNSSEC being enabled on your DNS, but not at your registrar, won’t cause any issues.
Your problem is that Cloudflare currently can’t talk to your origin server due to an expired certificate, so when you try to renew with letsencrypt (or another ACME provider) it can’t access that file.
What you should do - at least temporarily - is go to CF dashboard -> domain -> Crypto and set SSL to “full” instead of full strict. This should make your website accessible so that the acme provider can verify your ownership and issue the certificate.