Ok.
Two other thoughts:
The let’s encrypt (which I assume they still use, behind the scenes) docs mention a TXT record but that screenshot shows CNAME … 
I guess go with whatever the Fly UI asks for though. After all, the green tick suggests its happy.
As for the time it’ll take, no idea but … I guess if your site is not working anyway … you don’t have much to lose by removing the cert from the flyctl cli … and then add it again. That should start the clock again, but this time you have the acme record already in place and so it would (possibly) work? Total guess.