So we know it works from the CLI and your machine.
And you appear to have a real SSL cert.
So is is your AWS firewall? And only you are allowed thru your firewall?
Your callback needs to be web accessble by anyone, since Twitch Eventsub doesn’t have “fixed” IP addresses that it calls from. So firewall would be my next suggestion. (Or the AWS routing rules equivalenet that I forget the name of)