HTTPS doesn't work with Safari
Solution 1:
curl (if compiled with HTTP/2 support) exhibits the same problem but shows the reason:
http2 error: Invalid HTTP header field was received: frame type: 1, stream: 1, name: [upgrade], value: [h2,h2c]
It looks like your server is offering an upgrade to HTTP/2 even though the connection is already done with HTTP/2 - which makes no sense. Not only that, it is explicitly forbidden. From RFC 7540 section 8.1.2.2:
An endpoint MUST NOT generate an HTTP/2 message containing connection-specific header fields; any message containing connection-specific header fields MUST be treated as malformed (Section 8.1.2.6).... connection- specific header fields, such as Keep-Alive, Proxy-Connection, Transfer-Encoding, and Upgrade
It looks for me a bug since Apache should not send this header with HTTP/2.
My guess is that you have a configuration like this
Protocols h2 h2c http/1.1
Given that browsers do not support HTTP/2 without TLS anyway and that no Upgrade header is needed with HTTP/2 over TLS I recommend that you replace this configuration with
Protocols h2 http/1.1
This disables support for the unneeded HTTP/2 without TLS but should hopefully get rid of the Upgrade header this way since this is only needed for upgrading from plain HTTP to plain HTTP/2.
EDIT: according to the comment by the OP changing the Protocols configuration did not help. It was necessary to explicitly work around this behavior (i.e. bug) of mod_http2 by deleting the Upgrade header:
Header unset Upgrade
Solution 2:
I think this is a Safari issue rather than an AWS / SSL issue. The search for that error gets many, many results on Google.
Everything checks out with the website according to the SSL Shopper test and SSL Labs Test.
I found this possible solution to the problem.
The solution was to go into Safari Preferences, under Privacy and list all Details. This provided a log of all sites where cookies, etc had been used. I found the Weather Network domain page and cleared all content from it. I was then able to reload the Weather Network page with no issues. I assume this would work for other similar singular sites.
There's also this which could be done with Apache.