Ok, was able to reach our team member who’s traveling with family.
Looks like amazon ACM certs should work fine with CloudFront, so that will handle web access from visitors.
But amazon’s automated installs will not automatically propagate to our internal cross-server cert validation in our server apps, so we have to do all that manually, and carefully.
The order processing and database services have a lot of security checks between our amazon servers, so it takes specialized steps from the team architect. We’re working to arrange a remote web conference with him to update it together, once he’s back in a wifi access location.
So ACM looks like a promising solution, and will advise as soon as we can try it out and test.