Why, that's simple! Copy this script to your USG, run chmod +x on it and then, as a user with sudo permission, execute it.
Shamelessly borrowed from Brittanic on the Ubiquiti Unifi forums
Simply run the following command (note, if you are at all security concious-don't run it and instead review the script, then copy it to your USG to execute).
curl https://gist.githubusercontent.com/troyfontaine/7e6f93e32621177fc9a94e823adc52b5/raw/fix_ddns.sh | sudo bash
Well you won't? This updates the client-so you still need to use the config file method of telling the USG to use ddclient to talk to Cloudflare.
If you haven't heard, Cloudflare deprecated their older API in favor of their newer-so the old ddclient still included in the Unifi line of routers can't talk to it anymore.
For those of us who use Cloudflare for DDNS-it kinda sucked. This helped.
Yes! While the pinned version of ddclient says it is 3.9.1, commenters have tested and confirmed that it has been patched to support the Cloudflare Tokens.
The token has been tested with
All zones - Zone:Read, DNS:Edit and found to work.