Only certificates registered in the US East (N. Virginia) region can be used with CloudFront.
It might take a whole day for AWS to propagate the new certificate to all the nodes. When you log back into the console, your certificate will be enabled.
If this doesn't work, follow these steps:
- Use ACM to create a certificate in us-east-1 (N. Virginia) or import an existing certificate to IAM.
- Wait until it is validated, then load the CloudFront distribution settings edit page.
- If the custom SSL option is greyed out, log out and log back in, which will refresh it.
The key to solving this problem is to change your location to us-east-1.
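A quick way to see why a certificate is not offered in CloudFront is to check its ARN region and status, as in this added example (not code from the original page). It assumes input shaped like the `Certificate` object returned by `aws acm describe-certificate`; the ARNs, account ID and domain names are constructed sample values, and the function names are hypothetical.

```python
# Added example: explain why an ACM certificate is not selectable in CloudFront.
# Input dicts mimic the "Certificate" object of ACM DescribeCertificate.
# All ARNs, account ids and domain names below are constructed sample values.

CLOUDFRONT_REGION = "us-east-1"  # US East (N. Virginia)


def check_for_cloudfront(cert):
    """Return (usable, reason) for one certificate description."""
    arn = cert.get("CertificateArn", "")
    # ARN layout: arn:partition:service:region:account:resource
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn" or parts[2] != "acm":
        return False, "not an ACM certificate ARN (this check covers ACM only)"
    region = parts[3]
    if region != CLOUDFRONT_REGION:
        return False, f"registered in {region}; create it in {CLOUDFRONT_REGION}"
    status = cert.get("Status", "UNKNOWN")
    if status == "PENDING_VALIDATION":
        return False, "still pending validation; wait until it is validated"
    if status != "ISSUED":
        return False, f"status is {status}; it must be ISSUED"
    return True, f"in {CLOUDFRONT_REGION} and issued"


def report(certs):
    """Map each certificate's domain name to its (usable, reason) result."""
    return {c.get("DomainName", "?"): check_for_cloudfront(c) for c in certs}


# Constructed sample data (not real certificates).
_ID = "11111111-2222-3333-4444-555555555555"
SAMPLE_CERTS = [
    {"DomainName": "a.example.com", "Status": "ISSUED",
     "CertificateArn": f"arn:aws:acm:eu-west-1:123456789012:certificate/{_ID}"},
    {"DomainName": "b.example.com", "Status": "PENDING_VALIDATION",
     "CertificateArn": f"arn:aws:acm:us-east-1:123456789012:certificate/{_ID}"},
    {"DomainName": "c.example.com", "Status": "ISSUED",
     "CertificateArn": f"arn:aws:acm:us-east-1:123456789012:certificate/{_ID}"},
]

if __name__ == "__main__":
    for domain, (ok, reason) in report(SAMPLE_CERTS).items():
        print(f"{domain}: {'OK' if ok else 'NOT USABLE'} - {reason}")
```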