I want to set up an HTTPS connection between a CloudFront web distribution and a single EC2 origin server. I've studied this Stack Overflow discussion but I still need help. My domain name, "www.newb.com", points at CloudFront via Route 53, and that connection has an SSL certificate from ACM.
So that's good, but I also need to secure the connection between CloudFront and my EC2 origin. I presently have CloudFront pointing at ec2-XX-XX-XX-XX.compute-1.amazonaws.com, my origin server.
When I try to get an SSL certificate for ec2-XX-XX-XX-XX.compute-1.amazonaws.com, Gandi and Certbot return errors. For instance, Certbot says "Error creating new authz :: Policy forbids issuing for name". Assuming I can't get an SSL certificate on Amazon's ec2-XX-XX-XX-XX name, I need to know what DNS name to use and how to configure CloudFront and my server.
The discussion above references a subdomain name, for instance "origin.newb.com" in my case. If that's the type of name I should get an SSL certificate for:
1) Where do I point CloudFront: at "origin.newb.com", still at ec2-XX-XX-XX-XX, or something else?
2) When I configure Apache's port 443 listeners, what do I set ServerName to?
3) If ACM has already issued an SSL certificate for www.newb.com, will a second SSL certificate from Certbot for "origin.newb.com" create any problems?
My EC2 instance is an Ubuntu 16.04 LTS LAMP server. A single origin server will be enough for my use case and I don't want to pay for an ELB. Thanks for any help.
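The following is an added example, not part of the question or of any answer on the page. It sketches the origin.newb.com setup the poster is asking about: an Apache port-443 vhost whose ServerName is the origin name, the Certbot command that issues for that name, and a direct check of the origin that bypasses CloudFront. It assumes the origin hostname origin.newb.com (the poster's own suggestion) with an A record pointing straight at the EC2 public IP, the default Let's Encrypt paths Certbot creates, a CloudFront origin configured with that domain name and an HTTPS-only origin protocol policy, and an illustrative shared-secret header (X-Origin-Verify, an assumed name) added under CloudFront's origin custom headers so the origin rejects requests that did not come through the distribution. The ACM certificate on www.newb.com and the Let's Encrypt certificate on the origin do not conflict: one terminates the viewer connection at CloudFront, the other terminates the CloudFront-to-origin connection, and CloudFront only requires that the origin certificate be issued by a public CA it trusts and cover the origin domain name.

```shell
#!/usr/bin/env bash
# Added example for a CloudFront -> single EC2 origin over HTTPS.
# Assumptions: origin name origin.newb.com, certbot default paths,
# and an assumed shared-secret header X-Origin-Verify set in CloudFront.
set -eu

ORIGIN_HOST="${ORIGIN_HOST:-origin.newb.com}"
ORIGIN_SECRET_HEADER="X-Origin-Verify"                  # assumed header name
ORIGIN_SECRET="${ORIGIN_SECRET:-replace-with-a-long-random-value}"

# Let's Encrypt refuses to issue for names under amazonaws.com; that is what
# "Policy forbids issuing for name" reports. Returns 0 for a usable name.
public_ca_can_issue() {
  case "$1" in
    *.amazonaws.com) return 1 ;;
    *) return 0 ;;
  esac
}

# Render the port-443 vhost for the origin name. ServerName must be the name
# CloudFront connects to, which is also the name on the certificate.
render_origin_vhost() {
  host="$1"; secret="$2"
  cat <<EOF
<VirtualHost *:443>
    ServerName ${host}
    DocumentRoot /var/www/html

    SSLEngine on
    # Paths certbot creates when it issues for ${host}
    SSLCertificateFile    /etc/letsencrypt/live/${host}/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/${host}/privkey.pem

    # Accept only requests carrying the secret header CloudFront adds, so the
    # origin cannot be reached directly by anyone who learns its hostname.
    <Location "/">
        Require expr "%{HTTP:${ORIGIN_SECRET_HEADER}} == '${secret}'"
    </Location>
</VirtualHost>
EOF
}

# Issue the origin certificate. The name must resolve straight to the EC2
# public IP (not to CloudFront) so the ACME http-01 check on port 80 reaches
# Apache directly; the port-80 vhost is left open for that purpose.
issue_origin_cert() {
  sudo certbot certonly --webroot -w /var/www/html -d "$1"
}

# Verify the origin directly, bypassing CloudFront: the certificate presented
# for the SNI name, 403 without the shared header, 200 with it. Needs network.
check_origin_tls() {
  host="$1"; secret="$2"; ip="$3"
  echo | openssl s_client -connect "${ip}:443" -servername "$host" 2>/dev/null \
    | openssl x509 -noout -subject -dates
  # --resolve pins the name to the EC2 IP so the request skips CloudFront
  curl -so /dev/null -w 'without header: %{http_code}\n' \
    --resolve "${host}:443:${ip}" "https://${host}/"
  curl -so /dev/null -w 'with header:    %{http_code}\n' \
    --resolve "${host}:443:${ip}" -H "${ORIGIN_SECRET_HEADER}: ${secret}" "https://${host}/"
}

main() {
  case "${1:-}" in
    render) render_origin_vhost "$ORIGIN_HOST" "$ORIGIN_SECRET" ;;
    issue)  issue_origin_cert "$ORIGIN_HOST" ;;
    check)  check_origin_tls "$ORIGIN_HOST" "$ORIGIN_SECRET" "${2:?ec2 public ip required}" ;;
    *) echo "usage: $0 render | issue | check <ec2-public-ip>" >&2 ;;
  esac
}
main "$@"
```

Run `render` and save the output as a site file under /etc/apache2/sites-available/, run `issue` once DNS for the origin name points at the instance, then `check <ip>` to confirm the certificate matches the SNI name and that requests without the header are refused. In the CloudFront console the origin domain name is the same origin.newb.com, with the origin protocol policy set to HTTPS only and the secret header added under origin custom headers.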