Yes, because I figured out the fix, which I’ll document for TNPB (The Next Poor B*stard).
The problem was caused by something Squarespace is apparently now doing. The root cause is that they want a CNAME in the DNS that points to ext-cust.squarespace.com. I had this entry, but it was set to be cached through Cloudflare. This caused their regular configuration check (which they’ve apparently JUST changed) to fail, which caused the certificate they generate for us to go away, which meant that Cloudflare couldn’t talk to them.
The only solution seems to be to turn off caching for everything that points to Squarespace. Once you do that, you can go to Squarespace Settings > Domains > yourdomain.com > DNS settings and confirm that it likes your DNS settings. Hit the Refresh button to see if the DNS is now what it expects; fix any red items in your DNS provider (Cloudflare in my case).
As soon as all your settings are green, Squarespace will generate a new certificate for you. Then go to Settings > Advanced > SSL and turn on HSTS Secure mode.
This will cause all traffic to bypass Cloudflare and go direct to Squarespace (which is what they are now recommending, but tsk-tsk for not giving people a heads-up), and force everyone to use an SSL connection.
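Added example, not part of the original post: a way to check from outside whether a hostname still resolves through the Cloudflare proxy or exposes the CNAME to ext-cust.squarespace.com that the post says Squarespace looks for. It classifies the text output of `dig +noall +answer <host>`. The hostname, sample answers and the short list of Cloudflare ranges (a subset of their published IPv4 ranges) are assumptions made for illustration.

```python
import ipaddress

EXPECTED_TARGET = "ext-cust.squarespace.com"  # CNAME target named in the post

# Assumption: a subset of Cloudflare's published IPv4 edge ranges, enough for this check.
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "104.16.0.0/13", "172.64.0.0/13", "162.158.0.0/15", "198.41.128.0/17")]

# Constructed sample answers (www.example.com is a placeholder hostname).
PROXIED_ANSWER = """\
www.example.com.  300 IN A 104.21.5.10
www.example.com.  300 IN A 172.67.1.20
"""
DNS_ONLY_ANSWER = """\
www.example.com.  300 IN CNAME ext-cust.squarespace.com.
ext-cust.squarespace.com. 300 IN A 198.51.100.7
"""

def parse_answer(text):
    """Parse `dig +noall +answer` lines into (name, type, data) tuples."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        # Expected layout: name TTL class type rdata
        if len(parts) >= 5 and parts[2] == "IN":
            records.append((parts[0].rstrip(".").lower(), parts[3],
                            parts[4].rstrip(".").lower()))
    return records

def classify(host, answer_text):
    """Return 'dns-only', 'wrong-target', 'proxied' or 'unknown' for host."""
    host = host.rstrip(".").lower()
    records = parse_answer(answer_text)
    # A visible CNAME means the record is not being proxied.
    for name, rtype, data in records:
        if name == host and rtype == "CNAME":
            return "dns-only" if data == EXPECTED_TARGET else "wrong-target"
    # No CNAME: a proxied record answers with Cloudflare edge addresses instead.
    addrs = [ipaddress.ip_address(d) for n, t, d in records
             if n == host and t == "A"]
    if addrs and all(any(a in net for net in CLOUDFLARE_NETS) for a in addrs):
        return "proxied"
    return "unknown"

if __name__ == "__main__":
    print(classify("www.example.com", PROXIED_ANSWER))
    print(classify("www.example.com", DNS_ONLY_ANSWER))
```

A result of `proxied` corresponds to the state the post describes as failing Squarespace's check; `dns-only` is the state it describes after the change.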