Cloudflare Origin certificates are just like your regular self-signed certificates which are not trusted by browsers. That’s why it’s good for 15 years — it does this not because “self hosted servers”, it does this because it’s self-signed.
The only difference is that it’s Cloudflare, so while browsers don’t trust these certificates, Cloudflare itself does, so it can verify that it’s connecting to the correct origin server.
It is official, and it used to locate inside the client area. It was soon removed because of some usability issue and remains a hidden feature from then on.
Oh and in case you wonder I’m one of the first guys to find out about this 
I think it is a bug because it should still update