Directions through setting up SSL through let’s encrypt – https://wpengine.com/blog/its-time-to-secure-your-wordpress-site-with-https/
So the answer to your question is that all sites on Cloudflare have SSL at that level…the network level. Which comes before the server level. So the answer to lots of questions about security, performance, etc, is that they should be done at the highest level possible. Network level being the highest, then server level, then WordPress/website level. So all sites on Cloudflare have SSL at that level and that will be enough to get a secure padlock for a website visitor. However, Cloudflare has to communicate w/ the WPE server behind the scenes and that should be secure as well…that’s where the WPE SSL (Let’s Encrypt) comes in, to secure the Cloudflare to WPE server communication ( here’s a page w/ some graphics about it).Also, we use the setting on WPE SSL page to enforce HTTPS from that location. We could do it at the Cloudflare level (which would be slightly better), however, not all of our sites use Cloudflare. So for those sites, website visitors go straight to WPE server and use the Let’s Encrypt SSL cert. So to be consistent across 100% of our websites, we enforce HTTPS on the WPE SSL setting. That’s one of those settings that you only want to set in one location else it can cause infinite redirect loops.