Cloudflare issues a certificate which covers your root domain and a wildcard which covers any first level subdomain. A 2nd level subdomain such as foo.bar.example.com is not covered unless you either a. upload your own cert covering that host name or b. order a certificate from Cloudflare which covers custom hostnames (aka a SAN cert) and specify the hostnames you wish to cover… in this instance either www.autoexec or *.autoexec.
No, the free cert from Cloudflare only supports example.com and *.example.com. An origin cert is not intended to be public facing and won’t be displayed on Cloudflare’s edge so while “free” it doesn’t solve the ERR_SSL_VERSION_OR_CIPHER_MISMATCH error.
Cloudflare provides a large number of services free of charge. You want to create a DNS entry which requires a feature (support for a second level subdomain over SSL) which isn’t provided for free. You could grey cloud the entry, or disable always use https and control SSL redirection using page rules or the origin, but a request to Cloudflare for the SSL version fo the URL if would result in the error unless there is a valid certificate on the edge.