My apologies for duplicating a topic which was closed with a solution, but unfortunately in our case the provided solution is not working.
Long story short, we had the exact same setup with the exact same error as in this topic:
I did issue a certificate with lego, and I think it is working because when I route the traffic directly to the instance IP with Route53 I can see the certificate is valid, the date is correct and the CloudFront distribution SAN is there.
We didn't have a cache before, and we had a certificate issued with bncert. My best bet here is that I didn't remove the bncert properly and something is messed up in the middle, because when I change the origin policy from HTTPS to HTTP it is working, but some of the page resources are not loaded because of mixed content errors.
Thank you for reading the post and any help will be appreciated.