Previously, the easiest way to add an SSL certificate to an EC2 instance (and, it appears, still the Amazon-recommended way) has been to create a free certificate from Amazon through the certificate manager and then add that cert to a CloudFront or ELB instance (both of which cost money).
I’ve been successful in using LetsEncrypt to provide SSL for websites running under Windows Server in EC2 using the fantastic Windows ACME Simple (WACS) (previously known as letsencrypt-win-simple (LEWS)). If this is your need, you can always grab the latest instance on GitHub.
I never seemed to find the correct set of steps to do this on the Amazon Linux instances. However, due to the work of Lawrence McDaniel, I discovered this blog post. He walks you through, step by step, how to install mod24_ssl and CertBot (from EFF), and then how to run CertBot to create and install a LetsEncrypt SSL cert on one or more sites on your Apache-served Amazon Linux instance. He also shows you how to use crontab to set up a recurring job to renew the certificates on a regular basis (a necessity, since LetsEncrypt certificates expire after 90 days).
Well done Lawrence!
BTW – crontab defaults to vi as the editor. If you aren’t used to using this beast (I know, some people love it), what you really need to know is that you press the letter i on your keyboard to enter INSERT mode so you can edit the file, hit ESC to exit INSERT mode, and then enter “:wq” (without the quotes, of course) to write and quit (save and exit) or just “:q” to quit without saving your changes.