December 19, 2018
Finally found a solution for root HTTPS on Modelmode.io (hosted on AWS) and this website (hosted on Heroku). I'm using Dreamhost as my domain registrar and wanted to keep all domains there. Hence, the issues with DNS, ALIAS, CNAME, etc.
AWS: Created hosted zone (AWS Route 53), added provided NS to registered domain (Dreamhost), added ALIAS to EB instance and CNAME to naked domain (Route 53), issued certificate to naked domain (AWS Certificate Manager), and added port listener 443 HTTPS 80 HTTP linked to issued certificate (AWS EB Load Balancer).
Heroku via Cloudflare: Added new website (Cloudflare), added provided NS to registered domain (Dreamhost), added CNAME @ to *.herokuapp url (Cloudflare), added CNAME www to *.herokuapp url (Cloudflare), issued certificate (Heroku), and added naked domain and www domain to domain list (Heroku).
Root HTTPS is currently working on both domains, although NS may still be propagating. I will update this post in a few hours to confirm.
EDIT (2018-12-20): HTTPS still working on both naked and www domain.
Links in this post: