Customers on some plans can upload a certificate of their choice, and generally have to provide the key along with it. Keyless SSL exists, but isn't widespread.
Ah, I guess the point I'm missing is that with a 'serverless' setup, the cloud provider must have access to your private key? Unless you use some sort of key server setup (what they call Keyless SSL).
How would they be able to give up customers' SSL keys?