My site is down with a weird SSL notification

The TTL used by CloudFlare is only 300 seconds.

HSTS specifically takes longer because the browser has retained the instruction. For example, on Chrome you can visit chrome://net-internals/#hsts and remove a domain, which will immediately bypass the old HSTS instruction.

Are you referring to the default shared SSL that CloudFlare implements? If not, what’s the source?

In your app.yml did you enable support for Let’s Encrypt by uncommenting the entries for web.template.ssl and web.letsencrypt.ssl.template? They’re all you need for HTTPS at the server end. Once they’re working you can safely enable strict HTTPS at CloudFlare.
