When I read this document:
If you host a service on xyz123boot.com, the original server IP is 136.23.63.44. CloudFlare will provide you with DDoS protection, Web application firewalls, and other security services to protect your services from attack. To do this, your Web server must support SSL and have a certificate, at which point the communication between CloudFlare and your server is encrypted (i.e., no flexible SSL exists), just like the communication between you and CloudFlare. This looks safe, but the problem is that when you connect directly to the IP on port 443 (https://136.23.63.44:443), the SSL certificate is exposed.
how to understand this line:
when you connect directly to the IP on port 443 (https://136.23.63.44:443), the SSL certificate is exposed.