Is your server (not Cloudflare) configured that the site address is the one without ‘www’ ?
Do you have SSL service on your origin server? If so, make sure it is set also for the address without www. If you don’t at all, then you should configure Cloudflare “SSL mode” as “Flexible” under “Crypto” tab (that’s really not recommended because communications to your site are not really secure - an adversary may not listen to the traffic between the clients and Cloudflare, but they COULD listen to traffic between Cloudflare and your server). If you can’t get a regular SSL certificate for your server, you may install Cloudflare’s “origin certificate” (also from Crypto tab) on your server, so that Cloudflare can securely connect to you, and then you could switch the SSL mode to “Strict (Full)”