Alright, let’s tackle the issues one at a time, starting from the main one which will appear on all subdomains once you fix the second.
This is due to the fact that your server isn’t set-up to accept connections on port 443, where all HTTPS will go by default. To fix this you should set that up and have there a valid certificate (free ones, e.g. Let’s Encrypt, are just fine, as there no reason to pay for SSL anymore). This valid certificate can be also one of Cloudflare’s own Origin Certificates since, even if it will not actually be trusted by browsers, will be trusted by Cloudflare’s servers which should be the only one accessing directly the server.
There is another possibility, but IT IS NOT RECOMMENDED since it will actually not protect the traffic up to your origin server (more info: Why we recommend you don't use flexible!). For this solution go the the Crypto tab in your Cloudflare Dashboard and select “Flexible” in the dropdown at the top. This would be Full or Full (Strict) now.
They are not set-up to redirect to HTTPS. This can be done on your server (you would need to figure it out yourself since it varies wildly depending on server configuration and software stack) or by switch on “Always Use HTTPS” in the Crypto tab of your Cloudflare Dashboard. Be wary of possible Mixed Content issues from resources linked and/or embedded with
http:// hardcoded. All URLs should be always as relative as possible to prevent such issues.