alt Hacker Newsholdon, I own domain (with say Let's Encrypt certs), I have my own keys for signing WebBotAuth tokens, I host public cert at my domain...
where does CloudFlare come as a gatekeeper? what do they have to do with me sining my requests and my tokens? am I missing something?
Nothing stops you from signing your own tokens, but if you want those tokens to actually help you get past CFs WAF then you have to convince (or pay) them to trust you. It's kind of like how you can sign your own public TLS certs, but they won't do you much good if the browser vendors don't trust them.