amazon-web-services ssl ssl-certificate amazon-cloudfront aws-acm

AWS Certificate Reimport reflection on CloudFront


As my SSL certificate expired, I received the renewal from the certificate authority and reimported it on the AWS Certificate Manager console, and it promptly changed from Expired back to Issued. It is directly linked to a CloudFront distribution and it looks like, after a while, it won't reflect that very change. I then checked its SSL Certificate Identifier, which matches the correct ACM entry. I invalidated all the cache after that to make sure it would reflect even in an anonymous window, but there is no luck just yet.

I was unable to find in the AWS documentation whether it would take several hours to reflect or whether any other action is required in order to get it working. One thing I didn't try was to clear the local browser cache, as I understand that several users depend on that and somehow I'd like this update to be transparent to all of them.

I appreciate any clues or tips on this matter.


Solution

  • I was able to get the new certificate transparently reflected to users by going to the CloudFront distribution and setting the SSL Certificate value to the Default SSL CloudFront Certificate (*.cloudfront.net), then, after deploy and propagation, re-selecting the Custom SSL Certificate (example.com) from ACM.

    Hope it helps anyone in the same situation in the future.
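
To confirm from the outside whether the edge is still serving the old certificate, the following check compares the leaf certificate presented for the alias with the serial number ACM reports. It is an added example, not part of the original question or answer; the hostname, the sample serial and the assumption that ACM prints the serial as colon-separated hex are illustrative.

```python
import socket
import ssl
from datetime import datetime, timezone


def normalize_serial(serial):
    """Reduce a serial to bare uppercase hex so both notations compare equal."""
    return serial.replace(":", "").strip().upper().lstrip("0")


def fetch_served_cert(hostname, port=443, timeout=10):
    """Return (cert_dict, None), or (None, reason) if the chain fails validation."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                return tls.getpeercert(), None
    except ssl.SSLCertVerificationError as exc:
        # An expired certificate at the edge fails here, which is itself the finding.
        return None, exc.verify_message


def compare_to_acm(served, acm_serial, now=None):
    """Compare the served leaf certificate with the serial ACM reports."""
    now = now or datetime.now(timezone.utc)
    not_after = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(served["notAfter"]), tz=timezone.utc)
    matches = normalize_serial(served["serialNumber"]) == normalize_serial(acm_serial)
    expired = not_after <= now
    return {"serial_matches": matches, "expired": expired,
            "not_after": not_after, "stale": expired or not matches}


if __name__ == "__main__":
    # Placeholders: the alias from the post and a constructed ACM serial.
    HOST, ACM_SERIAL = "example.com", "0a:1b:2c:3d:4e:5f"
    cert, error = fetch_served_cert(HOST)
    if error:
        print(f"{HOST}: edge certificate rejected: {error}")
    else:
        print(compare_to_acm(cert, ACM_SERIAL))
```

The serial to pass in is the `Serial` field returned by `aws acm describe-certificate` for the reimported certificate. Because the check opens a fresh TLS connection, its result does not depend on any browser cache.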