SSL certificates are free these days - don't pay for it unless you want the convenience of somebody doing it for you.
Either do it via Amazon CloudFront or via Let's Encrypt (but this is for situations where the above is not possible as it is slightly more complicated, but once you get your head around it it is easy peasy. Needs a bit of linux knowledge
Below is the write-up but I can't transfer the screenshots over. It's my first post, but I have no intention of marketing my blog post, I just like looking at domains in my past time. Anyway if anybody wants to see the pictures and full guide just google "CRUD Web App With Angular, Node.JS, MySQL". If anybody needs some small tips of web dev, let me know - I can't do any work but I can help point you in the right direction.
Adding an SSL certificate to our main website
Click into your CloudFront distribution and edit its general settings. Enter your custom domain into the Alternate Domain Names (CNAMEs) field. You will then need to click on the button to request a certificate from AWS Certificate Manager (ACM). We need to create a custom SSL certificate through ACM for our custom domain and cannot rely on the default CloudFront Certificate. This is because CloudFront does not know whether we truly own our domain, so we need to go through a process to verify this.
Follow the steps to request a certificate in ACM, using the domain name *.yourdomain.com to capture all subdomains and root domains (we want all of them to be attached to our SSL certificate).
On the next page, select DNS validation as your validation method. In Step 3, there is no need to add any tags for our tutorial, so just progress through the remaining steps to generate your certificate. ACM will give us a CNAME record that we need to add to our domain (in Google Domains for me, as Google hosts my domain).
Obviously, only somebody who has access to the domain can add a CNAME record, so this is an easy way for ACM to validate your claim to the domain.
Once you add this CNAME record, you will have two CNAME records in the DNS settings for your main domain. One for pointing your domain to CloudFront and one for validating the domain with ACM for the SSL certificate.
It will look something like the below (noting my CNAME record below is different to the above, because that was just an example — but in your case, the CNAME record you create above will be exactly what goes into the below):
It will take ACM a few minutes to validate your domain, and subsequently generate an SSL certificate.
Now go back to your CloudFront distribution settings, select Custom SSL Certificate and link your recently created SSL to your domain (from the same page where you requested a custom SSL certificate, you can now find your newly created certificate and add it to your distribution). Save changes.