For AWS Certified Security – Specialty 2020 "CHAPTER 3.11 Custom SSL Certificates With CloudFront", it is stated that for CloudFront, "If you are using AWS Certificate Manager, your certificate must be created or registered in us-east-1, N. Virginia region in order for CloudFront to use it".
Can you please clarify if this only pertains to AWS-issued SSL for Custom Domain? Because for third-party vendor-issued SSL (GoDaddy, DigiCert, Verizon, etc.), which I use on CloudFront’s custom SSL and upload through ACM, I can definitely use a different region other than us-east-1 with no problem. I have validated the SSL through different SSL compliance sites and even through the browser, and it is valid — it doesn’t have a missing chain problem or whatever. I guess it all boils down to how the SSL is actually broken down using OpenSSL, because using the wrong commands to convert an SSL cert will give you an invalid SSL, like a broken chain or SHA-1 vulnerabilities.
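
As an added example (not part of the original post or the course material), here is one way to check the quoted rule against distribution settings: the function reads the `ViewerCertificate` block of a CloudFront distribution config and reports where the certificate comes from and, for ACM, whether the ARN's region is us-east-1. The distribution IDs, account number and certificate IDs are constructed sample values, and the function names are hypothetical.

```python
# Added example: audit CloudFront ViewerCertificate blocks against the
# "ACM certificate must be in us-east-1" rule quoted above.
REQUIRED_REGION = "us-east-1"

def classify_viewer_certificate(vc):
    """Return (source, status) for one ViewerCertificate block."""
    if vc.get("CloudFrontDefaultCertificate"):
        return ("cloudfront-default", "ok")      # *.cloudfront.net certificate
    if vc.get("IAMCertificateId"):
        # Certificate uploaded to IAM: IAM is a global service, so there is
        # no region in play and the ACM rule does not apply.
        return ("iam", "ok")
    arn = vc.get("ACMCertificateArn")
    if not arn:
        return ("none", "no-certificate")
    # ARN layout: arn:partition:service:region:account-id:resource
    parts = arn.split(":", 5)
    if (len(parts) != 6 or parts[0] != "arn" or parts[2] != "acm"
            or not parts[5].startswith("certificate/")):
        return ("acm", "malformed-arn")
    region = parts[3]
    if region == REQUIRED_REGION:
        return ("acm", "ok")
    return ("acm", "wrong-region:" + region)

def audit(distributions):
    """Map distribution id -> (source, status) for every non-ok entry."""
    findings = {}
    for dist_id, config in distributions.items():
        result = classify_viewer_certificate(config.get("ViewerCertificate", {}))
        if result[1] != "ok":
            findings[dist_id] = result
    return findings

# Constructed sample configs (only the fields this check reads).
SAMPLE = {
    "EXAMPLEDIST1": {"ViewerCertificate": {"ACMCertificateArn":
        "arn:aws:acm:us-east-1:111122223333:certificate/example-id-1"}},
    "EXAMPLEDIST2": {"ViewerCertificate": {"ACMCertificateArn":
        "arn:aws:acm:ap-southeast-1:111122223333:certificate/example-id-2"}},
    "EXAMPLEDIST3": {"ViewerCertificate": {"IAMCertificateId": "EXAMPLEIAMCERTID"}},
    "EXAMPLEDIST4": {"ViewerCertificate": {"CloudFrontDefaultCertificate": True}},
    "EXAMPLEDIST5": {"ViewerCertificate": {"ACMCertificateArn": "not-an-arn"}},
}

if __name__ == "__main__":
    for dist_id, (source, status) in sorted(audit(SAMPLE).items()):
        print(dist_id, source, status)
```

The source column shows which store a distribution's certificate actually comes from, which is the first thing to confirm when a custom certificate appears to work from a region other than us-east-1.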