Unable to access gitlab hosted in private subnet on AWS

I have my ec2 instance where gitlab is hosted in private subnet and have an ALB sitting in front of ec2 instance which already has cert. I was trying to generate cert using local-hostname of ec2 instance and that doesn't seem to work (Which you mentioned above). I have tried with create route53 record and attached it to the private instance (Which again won't work coz instance is in private subnet). I was hoping this functionality could added to allow creation of cert for such a case.

ALB (With ACM Cert), (In Public Subnet)---access over 443---->EC2(Private Subnet with gitlab hosted) This will provide end to end ssl communication.

I also tried another option where I generated certs using openssl and placed it at etc/ssl/certs as given here: https://docs.gitlab.com/omnibus/settings/nginx.html. I added my instance's private hostname as external_url and added ALB in front of the ec2 instance to route traffic over 443 to this instance and it still fails.

I have tried using external_url as ALB address but that should not work as gitlab will look for certs of alb in that case.

Can someone confirm if gitlab can be hosted in private subnet? Here is my setup: https://github.com/university-outreach-infrastructure-tf/terraform-gitlab-module/tree/master/module/single-node-omnibus