I would expect that they issue you a certificate signed by Cloudflare, which allows them to verify your server & encrypt the connection, but it would not be a trusted CA in users' browsers, but rather it would be trused by Cloudflare internally.