Getting LetsEncrypt SSL certificate to work on Amazon EC2 Linux server

Amazon's guidance makes it seem like it is easy, but it is not. We are not sure these steps are really correct, as we ran into so many errors and had to try so many things that it was a miracle it worked. We didn't take great notes, so maybe we missed a step.


1) Edit your Amazon security group to allow inbound connections on port 443

2) Add SSL/TLS support to Linux by installing the Apache module mod_ssl:

[ec2-user ~]$ sudo yum install -y mod24_ssl

3) Restart Apache

[ec2-user ~]$ sudo service httpd restart

4) Install and run Certbot, the front-end client for LetsEncrypt, using these instructions from Amazon:

5) We got all kinds of different errors. The documentation is poor, and what you find on the internet is all over the board.

Essentially, you have three different configuration files now that are important:

The main Apache config file:

sudo nano /etc/httpd/conf/httpd.conf

The config file you get when you install Apache's SSL support:

sudo nano /etc/httpd/conf.d/ssl.conf

The config file you get when you install Let's Encrypt:

sudo nano /etc/letsencrypt/options-ssl-apache.conf
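
Because TLS settings can end up in any of these three files, it helps to see which file sets what before editing anything. The script below is an added example, not part of the original notes or of Amazon's or Certbot's tooling; the function names are made up for illustration, and the sample file contents are constructed so it can run without a server.

```bash
#!/usr/bin/env bash
# Added example: list the active TLS-related directives in Apache config files
# and report directives that are set in more than one file.

# Hypothetical helper: print "directive<TAB>file<TAB>value" for each active line.
list_tls_directives() {
  local f
  for f in "$@"; do
    if [ -r "$f" ]; then          # unreadable or missing files are skipped
      awk '
        $1 ~ /^#/ { next }        # ignore commented-out directives
        $1 == "Listen" && !($2 == "443" || $2 ~ /:443$/) { next }  # only HTTPS port
        $1 ~ /^(Listen|SSLEngine|SSLProtocol|SSLCipherSuite|SSLCertificateFile|SSLCertificateKeyFile)$/ {
          val = $0; sub(/^[ \t]*[^ \t]+[ \t]+/, "", val)
          printf "%s\t%s\t%s\n", $1, FILENAME, val
        }' "$f"
    fi
  done
}

# Hypothetical helper: print each directive that appears in two or more files.
directives_in_multiple_files() {
  list_tls_directives "$@" | cut -f1,2 | sort -u | cut -f1 | uniq -d
}

# Constructed sample contents (not taken from a real server) so this runs offline.
make_sample_confs() {
  local d
  d=$(mktemp -d)
  printf '%s\n' 'Listen 80' 'Include conf.d/*.conf' > "$d/httpd.conf"
  printf '%s\n' 'Listen 443 https' '<VirtualHost _default_:443>' \
    '  SSLEngine on' '  SSLProtocol all -SSLv3' '  #SSLCipherSuite EXAMPLE-OLD-LIST' \
    '  SSLCertificateFile /etc/pki/tls/certs/localhost.crt' '</VirtualHost>' > "$d/ssl.conf"
  printf '%s\n' 'SSLEngine on' 'SSLProtocol all -SSLv2 -SSLv3' \
    'SSLCipherSuite EXAMPLE-CIPHER-LIST' > "$d/options-ssl-apache.conf"
  echo "$d"
}

# Demo on the samples; on the server, pass the three real paths instead.
demo_dir=$(make_sample_confs)
list_tls_directives "$demo_dir/httpd.conf" "$demo_dir/ssl.conf" "$demo_dir/options-ssl-apache.conf"
echo "Set in more than one file:"
directives_in_multiple_files "$demo_dir"/*.conf
rm -rf "$demo_dir"
```

On the server, call list_tls_directives with the three paths listed above (with sudo if the files are not readable). A directive reported in more than one file is a place where one file may be overriding another.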