Unable to connect via HTTPS to Argo Tunnel with multi-level subdomain

I am trying to set up Argo Tunnel with multi-level subdomain of the form foo.bar.example.com. Following the documentation (https://developers.cloudflare.com/argo-tunnel/reference/tiered-subdomains/), I have obtained a certificate from Cloudflare that covers example.com, *.example.com, and *.bar.example.com, and replaced certificate and private key in the certificate file generated by cloudflared tunnel login.

I am trying to test the tunnel using cloudflared tunnel --hello-world --origincert cert.pem --hostname foo.bar.example.com. I can connect to the http://foo.bar.example.com, but the connection over HTTPS does not work. I get the following error (using curl -vv https://foo.bar.example.com):

*   Trying 172.67.187.43:443...
* TCP_NODELAY set
* Connected to foo.bar.example.com (172.67.187.43) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS alert, handshake failure (552):
* error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
* Closing connection 0
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

When I use a single-level domain, e.g. foo.example.com, then both HTTP and HTTPS work fine.