Context:
- Created S3 bucket [used example.com, not www.example.com for S3 bucket name]
have permissions set as shown in screenshot. 
- Certificates [applied]. Please see the screenshot
[certs applied to Route 53. Please see the screenshot 
- CloudFront [please see config screenshot
![] Added a subdomain here enter image description here](https://i.stack.imgur.com/B0dI3.png)
4. Route 53 [configured, please let me know if there are screenshots that would help]
Observed Results: - I can navigate to the "Distribution Domain Name URL" provided in CloudFront's CDN dashboard https://Redacted-Guid.cloudfront.net/ - site resolves fine
- I get the following https://toolbox.googleapps.com/apps/dig/#CNAME/ response and can navigate and resolve the record returned. https://Redacted-Guid.cloudfront.net.
- When I navigate to https://www."example".com, I get the following certificate warnings (please see screenshots).
If I accept the cert, then I get the following 403 error; please see screenshot
#3.
Expected Results: The user can navigate to the domain name and see the site via HTTPS connection without 403 error and having to accept a cert.
Note Please bear with me if there is latency between your answer(s) and my reading them - I've been heads down in this (when the grass was supposed to have been cut by me), and if I don't cut the grass I'm going to be in a doghouse.
You need to register www.example.com as alternate domain in your cloudfront definition (plus a valid certificate to prove you own this domain)