I'll go a step further: what if someone decides, "Hey, I'll shut that website up by influencing someone to revoke their certificate."
Remember everyone's eagerness to eliminate bare, unencrypted HTTP? How self-signed certs are "sketchy?"
Has this been yet another way to pull the plug on certain parties? Could someone get Cloudflared by a maintainer of certs somewhere along the chain revoking a site's cert because they woke up in a bad mood?