AWS elastic load balancer SSL certificate

We have this internet-facing classic load balancer with the dns my-elb-1234.region.elb.amazonaws.com but we do not use this for any routing/balancing to our ec2 instances. Also, there is only one ec2 instance in this ELB. In this ec2 instance we only have a nginx server running on it. We do not really use the ELB's DNS as an access/entry point to our server. We have this route53 hosted zone our-proccess.domain that hosts the domains/servers in the nginx server in the ec2 instance in the ELB. This has been going on for years now and just recently found out by our security team

I know we are not doing/using this ELB resource the right way or in any way.

Is there a way to have the ELB's DNS my-elb-1234.region.elb.amazonaws.com to have a signed SSL certificate? We've tried using ACM but it just failed when having the my-elb-1234.region.elb.amazonaws.com in the domain, I think this is because of the amazonaws.com is part of the domain and it is forbidden in ACM. we also tried certbot, which we used to generate the SSL for our-process.domain but i think it still forbids because of the amazonaws.com domain. we also tried having a cname record in the our-process.domain hosted zone routing to the my-elb-1234.region.elb.amazonaws.com but using sslshopper.com to check and it fails as there are no common names in the certificate that match the name(my-elb-1234.region.elb.amazonaws.com).

• You will have to create a certificate in ACM with your own domain process.domain if I got it right.
• Create a cname record for you CLB in process.domain like myoldapp.process.domain mapping to your LB.
• From your CLB, in the listeners, configure the https listener to use the certificate you created for process.domain in step 1.

That should be ok. When a request is coming with myoldapp.process.domain and reach the LB, and the cert on it is configured process.domain; the ssl termination should happen properly with this setup on the LB level.