Document says you need to have CNAME
record for automatic renewal (in https://aws.amazon.com/premiumsupport/knowledge-center/certificate-fails-to-auto-renew/)
DNS validated certificates
Update your DNS configuration to include the CNAME records provided by ACM.
And for Loadbalancer, you need A
record not CNAME
according to (http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/using-domain-names-with-elb.html and RRSet of type CNAME with DNS name foo.com. is not permitted at apex in zone bar.com)
How do I renew the certificate that's used with loadbalancer?