All you need for a free Cloud Flare account is a domain and an email address.
Little countries and even some little islands all have their own top-level domain these days. Many registrars around the world are pleased to sell these cc TLD and g TLD registrations.
When they see the padlock on their screen, they feel that everything is safe. It's easy to use for a cybercriminal with numerous domains hidden behind the privacy services of various registrars.
The Cloud Flare certificates we found all had the common name in the same style as the "ssl2796.cloudflare.com" shown in that Netcraft report.
If so, it would make no difference whether the origin server has its own certificate.
Cloud Flare may claim that there is no way plaintext can be accessed from their equipment racks, despite the fact that some sort of decrypt and re-encrypt must occur there due to the nature of their role as a CDN.
The ISP replies that everything is encrypted, and Cloud Flare traffic cannot be intercepted.
In other words, nothing can be done about the ISIS sites, carders, booters, gamblers, escorts, phishers, malware, and copyright infringers that Cloud Flare protects. It's fairly obvious you ask this ISP to block the Cloud Flare IP addresses used by the offending domains (this is already happening in Russia).If those IPs change, then block Cloud Flare's entire IP space, and continue to monitor the situation.