CloudFront for HTTP API Gateway with disabled default endpoint

I have a CloudFront distribution with WAF to protect an HTTP API Gateway. The CloudFront distribution has an alternate domain name api.mysite.dev, which we manage with Cloudflare (a CNAME record points to https://{distro}.cloudfront.net). The distribution's origin is an HTTP API Gateway default endpoint. We use a built-in Auth0 authorizer on the API, so we cannot use a custom Lambda authorizer.

Now I want to raise the security and disable the default API endpoint. I created a custom domain name for the API with an ACM certificate in the same region and disabled the default endpoint. Instead of the default endpoint, I specified the API's custom domain name as the origin for the CloudFront distribution (apigw.mysite.dev, which points to the API Gateway domain name d-123abc123.execute-api.{my-region}.amazonaws.com).

But CloudFront responds with a 404 Not Found error when calling api.mysite.dev, as if CF couldn't reach the origin custom domain name. The CloudFront logs don't bring any valuable info.

I've reviewed the documentation and carefully followed the steps in the knowledge center.

Can anyone provide any tips on how to fix the issue? Can I use an HTTP API with a custom domain managed externally (and an ACM certificate) as an origin for CloudFront?

1 Answer

Any update about this?

rodkot
answered 4 months ago