I have a VPN server with about 70 websites and all are using Cloudflare.
I asked Cpanel support to implement Origin Pulls and it did not work.
These were the errors seen.
[Thu Dec 19 12:57:00.960535 2019] [ssl:warn] [pid 30166] AH01909: asubdomainnameonmyserver.com:443:0 server certificate does NOT include an ID which matches the server name.
It appears that there will need to be an SSL certificate from Cloudflare. Also, there may be a setting at Cloudflare that needs to be enabled for origin pulls. Please contact CloudFlare and request information on how they recommend setting this up on a cPanel server as this is a shared hosting environment.