I agree with Paul (@pmjd ) I would look for new new hosting company.
The way they’re offering the “free” SSL is to run your sit as a sub-domain of some other URL. That was a common practice for hosting companies 5 or more years ago.
It sounds as if they’re not keeping current on best practices in hosting.
Let’s Encrypt certificates are free to them to offer, and run your domain as is. The really only reason today to buy a certificate is if you’re concerned about carrying an insurance bond. Most of the paid ones have a liability bond associated with them.
Certificates are issued by domain name so there’s no way to use your URL’s with their certificate. With Let’s Encrypt you get your own certificate that gets installed and renewed on your domain.
CloudFlare will work as a “proxy” server providing your pages over there network. To the end users they aren’t aware that they are getting your pages served via CloudFlare, so the URL’s looks the same.
Keep in mind with CloudFlare pages are only secure from the CloudFlare server to the users computer. Unless you have a certificate on your server they’ll be non secure from your host to the CloudFlare server.
So even if you want to use CloudFlare for speed or other reasons, I’d still want to have a certificate on the server.
If you really don’t want to change hosts, then CloudFlare would get rid of the non secure warning. There’s a ton of posts here about setting up CloudFlare.