Matching certificate for VPC-Link HTTPS endpoint in API Gateway

I would like to change my API from HTTP to HTTPs in API Gateway, but get the following error:

Endpoint request headers: {x-amzn-apigateway-api-id=ghqsfz8w25, 
Accept=application/json, User-Agent=AmazonAPIGateway_xxxx, 
Host=xxx-nlb-ecs-service-xxx-xxxcea41.elb.eu-west-1.amazonaws.com, 
X-Amzn-Trace-Id=Root=1-xxx-xxx}
Endpoint request body after transformations: 
Sending request to https://xxx-nlb-ecs-service-xxx-xxxcea41.elb.eu-west-1.amazonaws.com
Execution failed due to configuration error: 
Host name 'vpce-xxx007-xxxb1h.vpce-svc-xxx318ce.eu-west-1.vpce.amazonaws.com' does 
not match the certificate subject provided by the peer (CN=*.domain.eu)
Method completed with status: 500

With the following configuration:

  • A wildcard certificate *.domain.eu is used
  • The wildcard certificate is assigned to the NLB 443 listener
  • The NLB is integrated with vpce-svc-xxx318ce endpoint in VPC Endpoint Services (AWS PrivateLink)
  • The wildcard certificate is assigned to the custom domain in API-GW
  • The custom domain includes mappings to different APIs (like: api.domain.eu/api1v1, api.domain.eu/api2v1)

The settings of the API method are

With HTTP this configuration was working. Now it seems that I need to associate the VPC endpoint with the wildcard certificate. It is my first experience with AWS and I am not a network expert. Any ideas how I can fix this issue.

Thanks in advance!