Incorrect SAS URL produced for blob when using generate_blob_sas()?

I am trying to retrieve the URL of a blob in a container of a storage account for an Azure US Government account. In particular, I am trying to return the URL of the most recently updated/uploaded blob through this function. However, the URL generated has the incorrect SAS token at the end and I am not sure why. This is my code:

import pytz
import keys as key
from datetime import datetime, timedelta
from azure.storage.blob import BlobServiceClient, BlobSasPermissions, generate_blob_sas

"""
    Access contents of the Azure blob storage. Retrieve the most recently uploaded block blob URL.

    @param blob_service_client: BlobServiceClient object
    @param container_name: string name of container (can change this parameter in the driver code)
    @return URL of the most recently uploaded blob to the storage container with the SAS token at the end
    @return name of the blob that was most recently updated/uploaded
"""
def retrieve_blob_from_storage(account_name, container_name):
    # Instantiate a BlobServiceClient using a connection string
    blob_service_client = BlobServiceClient.from_connection_string(key.CONNECTION_STRING_1)
    container_client = blob_service_client.get_container_client(container_name)
    # Get the most recently uploaded (modified) blob on the container
    now = datetime.now(pytz.utc)
    datetime_list = []
    for blob in container_client.list_blobs():
        datetime_list.append(blob.last_modified)
    youngest = max(dt for dt in datetime_list if dt < now)
    blob_name = ""
    for blob in container_client.list_blobs():
        if blob.last_modified == youngest:
            blob_name = blob.name
    # Generate SAS token to place at the end of the URL of the last uploaded (modified) blob on the container
    sas = generate_blob_sas(account_name = account_name,
                    account_key = key.CONNECTION_STRING_1,
                    container_name = container_name,
                    blob_name = blob_name,
                    permission = BlobSasPermissions(read = True),
                    expiry = datetime.utcnow() + timedelta(hours = 2))
    sas_url = 'https://' + account_name + '.blob.core.usgovcloudapi.net/' + container_name + '/' + blob_name + '?' + sas
    return sas_url, blob_name

When I try to use the sas_url given, I receive the following authentication error:

<Error>
  <Code>AuthenticationFailed</Code>
  <Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:fd40ba66-b01e-008b-7350-5a1de4000000 Time:2021-06-05T21:22:51.5265808Z</Message>
  <AuthenticationErrorDetail>Signature did not match. String to sign used was rt 2021-06-05T23:22:33Z /blob/weedsmedia/weeds3d/MD-C2M-1-CALIB-1-GX010215.MP4 2020-06-12 b </AuthenticationErrorDetail>
</Error>

Does anyone know why this error is occurring? To clarify further, the correct blob (most recently updated/uploaded) name is being returned. I suspect it's something related to the Azure US Government and permissions, but I am not sure how to fix this error. How do I go about fixing this?

Here are the Azure dependencies I'm using:

azure-cli-core                        2.24.0
azure-cli-telemetry                   1.0.6
azure-common                          1.1.26
azure-core                            1.14.0
azure-identity                        1.6.0
azure-nspkg                           3.0.2
azure-storage                         0.36.0
azure-storage-blob                    12.8.1
azure-storage-common                  2.1.0
azure-storage-nspkg                   3.1.0