@brandur
Last active October 29, 2017 14:07
SSL Issues

Probable issues (see details below):

  • The certificate returned is invalid.
  • You are not using SNI.

The server is returning an invalid SSL certificate. Judging by the "ST=Some-State" field (the placeholder value OpenSSL fills in by default), I would guess that this certificate was self-signed at some point:

$ openssl s_client -showcerts -connect stoicreviews.com:443
CONNECTED(00000003)
depth=0 /C=  /ST=Some-State/O=Blue Coat SG300 Series/OU=1911162020/CN=54.231.14.132
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=  /ST=Some-State/O=Blue Coat SG300 Series/OU=1911162020/CN=54.231.14.132
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=  /ST=Some-State/O=Blue Coat SG300 Series/OU=1911162020/CN=54.231.14.132
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/C=  /ST=Some-State/O=Blue Coat SG300 Series/OU=1911162020/CN=54.231.14.132
   i:/C=  /ST=Some-State/O=Blue Coat SG300 Series/OU=1911162020/CN=192.168.68.11
---
Server certificate
subject=/C=  /ST=Some-State/O=Blue Coat SG300 Series/OU=1911162020/CN=54.231.14.132
issuer=/C=  /ST=Some-State/O=Blue Coat SG300 Series/OU=1911162020/CN=192.168.68.11
---
No client certificate CA names sent
---
SSL handshake has read 1519 bytes and written 456 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 66457B2983FB0AB38C2D21149692181CA87AF95A0FC245DD66973C4169E5C1A1
    Session-ID-ctx:
    Master-Key: 5A7271C8BE8267BEC290DC24B044160CDEAB1FAE80E014FD1EFA5B723F714E7535525B5754B49638964DBE01D3C2FBB6
    Key-Arg   : None
    Start Time: 1466612554
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---

If you hit your CloudFront endpoint directly and pass the hostname via SNI (the -servername option), you can see what you should be getting:

$ openssl s_client -showcerts -servername stoicreviews.com -connect d1mgnu7uluplwy.cloudfront.net:443
CONNECTED(00000003)
depth=3 /C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Services Root Certificate Authority - G2
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/CN=stoicreviews.com
   i:/C=US/O=Amazon/OU=Server CA 1B/CN=Amazon
 1 s:/C=US/O=Amazon/OU=Server CA 1B/CN=Amazon
   i:/C=US/O=Amazon/CN=Amazon Root CA 1
 2 s:/C=US/O=Amazon/CN=Amazon Root CA 1
   i:/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Services Root Certificate Authority - G2
 3 s:/C=US/ST=Arizona/L=Scottsdale/O=Starfield Technologies, Inc./CN=Starfield Services Root Certificate Authority - G2
   i:/C=US/O=Starfield Technologies, Inc./OU=Starfield Class 2 Certification Authority
---
Server certificate
subject=/CN=stoicreviews.com
issuer=/C=US/O=Amazon/OU=Server CA 1B/CN=Amazon
---
No client certificate CA names sent
---
SSL handshake has read 4899 bytes and written 451 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID: 6AC19FB216F5275C592E8C7554D7BC80CB98DC453A3A6E135E627B7E4AFB9783
    Session-ID-ctx:
    Master-Key: 3107A0BB8637650EE03829FA52413E83E6CD138F34EE6D7AAD8436DAD33FCD5AFBDDCFFA2EFB25E65332B801F728B9F1
    Key-Arg   : None
    TLS session ticket lifetime hint: 10800 (seconds)
    TLS session ticket:

    Start Time: 1466612977
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

Note also that I did not have to pass -servername to OpenSSL when connecting to your bare domain, which suggests that whatever is answering there is not using SNI. The only CloudFront SSL termination option that does not rely on SNI is the very expensive one, so something is probably wrong here.
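As an added example (not part of the original gist), the checks made by hand above can be applied to `openssl s_client -showcerts` output with a small Python triage helper: it parses the certificate chain and verify result, and flags a leaf CN that does not match the host you asked for, an issuer CN in a private address range (a hint that a local appliance answered), and a non-zero verify code. The two sample inputs are excerpts of the two runs shown above; the function names are my own.

```python
import re

# Excerpts of the two openssl s_client runs above (chain and verify line only).
PROXY_OUTPUT = """\
Certificate chain
 0 s:/C=  /ST=Some-State/O=Blue Coat SG300 Series/OU=1911162020/CN=54.231.14.132
   i:/C=  /ST=Some-State/O=Blue Coat SG300 Series/OU=1911162020/CN=192.168.68.11
---
    Verify return code: 21 (unable to verify the first certificate)
"""
CLOUDFRONT_OUTPUT = """\
Certificate chain
 0 s:/CN=stoicreviews.com
   i:/C=US/O=Amazon/OU=Server CA 1B/CN=Amazon
 1 s:/C=US/O=Amazon/OU=Server CA 1B/CN=Amazon
   i:/C=US/O=Amazon/CN=Amazon Root CA 1
---
    Verify return code: 0 (ok)
"""

CHAIN_RE = re.compile(r"^\s*(\d+) s:(.*)\n\s*i:(.*)$", re.MULTILINE)
VERIFY_RE = re.compile(r"Verify return code: (\d+) \((.*?)\)")
CN_RE = re.compile(r"/CN=([^/]+)")
# RFC 1918 ranges: an issuer CN in one of these points at a local appliance.
PRIVATE_CN_RE = re.compile(r"/CN=(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)")

def parse_s_client(output):
    """Pull the (subject, issuer) chain and the verify result out of s_client output."""
    chain = [(s.strip(), i.strip()) for _, s, i in CHAIN_RE.findall(output)]
    m = VERIFY_RE.search(output)
    code, msg = (int(m.group(1)), m.group(2)) if m else (None, "no verify result")
    return {"chain": chain, "verify_code": code, "verify_msg": msg}

def triage(output, expected_host):
    """Return a list of findings; an empty list means the handshake looked right."""
    info = parse_s_client(output)
    if not info["chain"]:
        return ["no certificate chain in output"]
    leaf_subject, leaf_issuer = info["chain"][0]
    findings = []
    cn = CN_RE.search(leaf_subject)
    leaf_cn = cn.group(1) if cn else ""
    if leaf_cn != expected_host:
        findings.append(f"leaf CN {leaf_cn!r} does not match {expected_host!r}")
    if PRIVATE_CN_RE.search(leaf_issuer):
        findings.append(f"leaf issued by a private-network CN: {leaf_issuer}")
    if info["verify_code"] != 0:
        findings.append(f"verify failed: {info['verify_code']} ({info['verify_msg']})")
    return findings
```

Feeding it the output of a run against the bare domain and a run against the CloudFront hostname with SNI makes the difference between the two handshakes explicit.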

Unfortunately, "magic" A records (like Route53's alias records) are hard to inspect from the outside. It looks like your domain is pointing at Amazon servers, but I would guess that your Route53 configuration is wrong somewhere.
