When Xfinity modem in Bridge Mode (pfSense has public IP), no issue with setting up DDNS on CloudFlare. When Bridge Mode disabled (Double NAT) DDNS does not work. I have tried port forwarding 53/853 on Xfinity modem and opening 53/853 with firewall rules and DDNS connection still shows inactive.
As far as I know, pfSense uses the Cloudflare API to update the DNS record. As per the documentation, that API expects an IP address in the request body. There is no option to deduce the address from the request, which is something other DDNS providers offer. Therefore, I suspect if you check the DNS zone in Cloudflare Dashboard, it will show the local (in the context of the Xfinity modem) IP address of the pfSense router.
As a workaround, you could periodically run a script that performs an IP address lookup with something like http://ifconfig.co/ip, compares it to the current DNS entry for your domain and calls the API if there is a mismatch.