After connecting the domain name to the ALB and inserting the certificate into the ALB, payment-related services were provided.
During service, CDN caching was required, so a situation occurred where CloudFront had to be connected to the front end.
I connected CloudFront in front of the ALB, put the same certificate, matched the TLS version, and changed the domain name to confirm normal operation.
However, when connecting to an external payment site, an error such as `exception:javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure` has occurred.
(Connected normally with the ALB.)
All settings are the same, but I wonder what causes it to work with the ALB but not with CloudFront.
Since CloudFront cannot connect to another origin, another listener is connecting to the same CloudFront through the same ALB and is serving. CloudFront's origin configuration and operation are working normally, so the example.com domain is running. Again, the other domain, pay.example.com, is working properly, but the error `exception:javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure` is occurring in communication with the external domain.