I have a Regional API Gateway (WebSocket flavor) with a custom domain name and am seeing intermittent SSL domain name mismatch errors. When checking with a tool like https://www.leaderssl.com/tools/ssl_checker it shows that sometimes a cert for *.execute-api.us-west-2.amazonaws.com is being returned instead of the custom domain name. I have verified the following:
Certificate is in the us-west-2 region
API Gateway is in the us-west-2 region
Route 53 domain name points to the URL of the custom domain name and not the API
Note that the custom domain name URL shows d-{id}.execute-api.us-west-2.amazonaws.com and not a something.cloudfront.net URL
Any other thoughts as to why this might be happening?