I got on a call with @McGonagall666 last night and we did some troubleshooting. it turns out SNI-based TLS connections were being reset immediately for reasons I don't understand. If anyone else comes across this discourse post, make sure you can use opessl to connect to your controller/router/etc and ensure you see certificates returned.
To diagnose - use the IP of your host:
openssl s_client -connect 3.18.113.172:8441 </dev/null
The result must be nearly identical to what you see when you use the DNS:
openssl s_client -connect ec2-3-18-113-172.us-east-2.compute.amazonaws.com:8441 </dev/null
When I tried this, the SSL handshake changes a tiny bit:
