SSL Name Mismatch with API Gateway Custom Domain

I have a Regional API Gateway (WebSocket flavor) with a custom domain name and am seeing intermittent SSL domain name mismatch errors. When checking with a tool like https://www.leaderssl.com/tools/ssl_checker it shows that sometimes a cert for *.execute-api.us-west-2.amazonaws.com is being returned instead of the custom domain name. I have verified the following:

• Certificate is in the us-west-2 region
• API Gateway is in the us-west-2 region
• Route 53 domain name points to the URL of the custom domain name and not the API
  • Note that the custom domain name URL shows d-{id}.execute-api.us-west-2.amazonaws.com and not a something.cloudfront.net URL Any other thoughts as to why this might be happening?