gnupg – Certbot installation from cloudfront.net epel-release mirror

I’m setting up a website on a Centos7 VPS with certbot and let’s encrypt.

I am no expert on network security. I checked to see if my epel-release was pulling certbot from a legit mirror.
I ran yum search epel-release three times back-to-back and got 2 different answers: one epel-release mirror pointing to cloudfront.net and the other to constant.com.

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.vcu.edu
 * epel: d2lzkl7pfhq30w.cloudfront.net
 * extras: mirrors.wcupa.edu
 * updates: mirror.vcu.edu
=================================================================== N/S matched: epel-release ===================================================================
epel-release.noarch : Extra Packages for Enterprise Linux repository configuration

  Name and summary matches only, use "search all" for everything.

=================================================================================

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.vcu.edu
 * epel: epel.mirror.constant.com
 * extras: mirrors.wcupa.edu
 * updates: mirror.vcu.edu

The constant.com mirror seems to be on the list of fedora mirrors. However, I could not find the cloudfront.net mirror on there. I saw online a few comments abount cloudfront.net being linked to virus/malware/adware, etc..

Before I realized any of this, I had already done my install of certbot using the cloudfront.net mirror. During installation, I never got any questions about a GPG key.

  1. Has my system been compromised?

  2. Is there anyway I can check that I got the right certbot installation? How can I check this after installation of certbot?