Yeah i checked for my case and Chrome was definitely showing the “RED lock” for Cloudflare cert and my subdomain were not in there. Maybe some propagation issue with the Cloudflare network of certificates where some get a valid cert and some dont. I cant tell you, but all i know is Chrome was warning me “Red Lock” that cert was not valid and when i inspect it all it showed was cloudflare sni but not my domains/subdomains.
This guy has error 525 so he is not using Fexible SSL. Thats a different issue, he changed to “Full” probably because he was trying to fix the initial issue with flexible ssl.