Digitalocean CDN, custom domain and Cloudflare SSL

Hey! We use Digitalocean’s spaces with enabled CDN to keep static files. And we decided to try a custom domain. To do that, I have created an Origin SSL certificate in my Cloudflare Dashboard and loaded it to the DO. Then I just applied it to CDN’s custom domain. Also, I have created a CNAME record: cdn.my.domain -> DO’s Edge URL. So far looks good, but: While I can reach my files with new name via HTTP, HTTPS doesn’t work and I see that error:

• ALPN, offering h2
• ALPN, offering http/1.1
• successfully set certificate verify locations:
• CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs
• TLSv1.3 (OUT), TLS handshake, Client hello (1):
• TLSv1.3 (IN), TLS alert, handshake failure (552):
• error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
• Closing connection 0 curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

I have tried to:

1. add Cloudflare Origin CA root certificate to DO;
2. enable SSL Full (strict).
3. checked cert and key with openssl, they are valid. Nothing works. Have anyone seen such an error? Any ideas what might be wrong?