You need to get an external SSL certificate with Cloudfront if you want to have your own domain
When you first set up the CloudFront distribution to serve the Jekyll files in your Amazon S3 bucket you need to use the default CloudFront SSL certificate.
Once you have set up your SSL fully, possibly a freebie from Amazon ACM, then you can go back to your CloudFront distribution settings and choose your own certificate. From this point on CloudFront will show your domain name in URLs instead of a whacky CloudFront domain.
Once your own domain name starts showing in URLs the world becomes a brighter place and all your dreams come true.