If you receive a site down error from Cloudflare because of an invalid origin certificate, set the SSL mode to “Full.”
cPanel attempts to renew all SSL certificates before they are expired. However, since the DNS is pointed to Cloudflare, only HTTP validation can be used. If there is a HTTP to HTTPS redirect, the validation fails and the certificate isn’t renewed.
Once the certificate is expired, Cloudflare will not be able to validate the site and therefore fail to deliver it if SSL is set to “Strict.”
Simply change it to “Full” without the strict and everything will work again – your SSL will still be valid.