Cloudfront with Latency-Based Routing

Okay, I have spent hours trying to figure this out.

I have three cloudfront distributions, us-east-1, eu-west-1 and ap-northeast-2. These point to fargate clusters. This is working fine.

I have been trying to create cloudfront distributions with the same domain name in aliases, but this does not work since you can only have one unique domain per cloudfront. This confuses me because when I set them up with unique names like global-{region}.domain.com and then create the latency based dns, I get this weird error:

This site can’t provide a secure connection. DOMAIN uses an unsupported protocol. ERR_SSL_VERSION_OR_CIPHER_MISMATCH.
Unsupported protocol The client and server don't support a common SSL protocol version or cipher suite.

(Additionally I have configured the latency-based route53 entries pointing to the cloudfront distros)

When I change the domain from the region-specific domain to the global.domain.com, it only can be entered on one cloudfront distro, but it works without the error above. This seems like a red herring because I'm using the latest tls with the cert and the distro. I also tried to refactor with wildcard domains in the aliases, but it didn't work.

I guess I'm confused about how best to do this and really confused why cloudfront can't be configured with the same domain. Technically, to me that makes zero sense. I don't care to know the answer to this since it cannot be done, it just baffles me.

I've gone back and forth a billion different ways to no avail.

I simply want to point global.domain.com with latency-based routing -> 3 regional-based cloudfront distros. I guess I need a little direction on how the stink to do this. :(

I'm using a wildcard cert on all distros *.domain.com. I also tried changing all of the aliases to wildcard domains, but it would only set it on one distro.

Not sure that it matters, but I'm using python pulumi to do this.