It sounds like you don't have anything listening for and terminating TLS traffic. So even though you have port 443 open, there's nothing on your EC2 instance handling the traffic (assuming "only using PM2 or nodemon").
Even if you're using nginx, ACM-issued certs aren't exportable, so nginx can't be configured to terminate your TLS traffic using an ACM-issued cert.
To use an ACM-issued cert you'll need to integrate with a compatible service. For example, you could deploy an Application Load Balancer, have that terminate your TLS traffic, and forward web traffic on to your EC2 instance. You'll also then be able to move your EC2 instance into a private subnet rather than exposing it directly to the internet.
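
One way to set up the arrangement described in the answer above, as an added CloudFormation example that is not part of the original answer. The parameter names, resource names and the application port 3000 are assumptions.

```yaml
# Added example: names and port 3000 are assumptions, not taken from the answer.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  VpcId: {Type: "AWS::EC2::VPC::Id"}
  PublicSubnets: {Type: "List<AWS::EC2::Subnet::Id>"}  # two AZs, used by the ALB only
  InstanceId: {Type: "AWS::EC2::Instance::Id"}         # instance running the Node app
  CertificateArn: {Type: String}                        # ARN of the ACM-issued cert
Resources:
  AlbSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS from the internet to the ALB
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - {IpProtocol: tcp, FromPort: 443, ToPort: 443, CidrIp: 0.0.0.0/0}
  AppSg:  # attach to the instance in place of any rule that opens it to 0.0.0.0/0
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: App port reachable only from the ALB
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - {IpProtocol: tcp, FromPort: 3000, ToPort: 3000, SourceSecurityGroupId: !Ref AlbSg}
  Alb:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: application
      Scheme: internet-facing
      Subnets: !Ref PublicSubnets
      SecurityGroups: [!Ref AlbSg]
  AppTargets:
    Type: AWS::ElasticLoadBalancingV2::TargetGroup
    Properties:
      VpcId: !Ref VpcId
      Protocol: HTTP   # TLS ends at the ALB; plain HTTP from the ALB to the instance
      Port: 3000
      TargetType: instance
      Targets: [{Id: !Ref InstanceId}]
  HttpsListener:
    Type: AWS::ElasticLoadBalancingV2::Listener
    Properties:
      LoadBalancerArn: !Ref Alb
      Port: 443
      Protocol: HTTPS
      SslPolicy: ELBSecurityPolicy-TLS13-1-2-2021-06
      Certificates: [{CertificateArn: !Ref CertificateArn}]
      DefaultActions:
        - {Type: forward, TargetGroupArn: !Ref AppTargets}
```

The template creates `AppSg` but does not attach it to the existing instance; attach it and remove the instance's direct port 443 rule once the ALB health checks pass.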