Thanks to the EFF, we now have a lovely suite of tools for getting globally recognized and trusted SSL certificates for HTTPS via Let's Encrypt and their management tool, certbot.

INSTALLATION

    yum install python-certbot-apache certbot

INSTALLING NEW CERTIFICATE

    certbot --apache -d DOMAIN.TLD -d DOMAIN2.TLD
    certbot certonly --webroot -w /var/www/html -d DOMAIN1.TLD -d DOMAIN2.TLD

RENEWAL OF EXISTING CERTIFICATE

Run this regularly: renewal only occurs if the certificate expires within the next 30 days.

    certbot renew
    certbot renew --dry-run
    certbot renew --quiet

If errors occur, the following can be used instead.

    ./certbot-auto certonly -d fqdn.tld -d www.fqdn.tld

AMAZON LIGHTSAIL / AWS ISSUES

Amazon has a few issues with certbot.  Here are the steps to get around them.

INSTALL CERTIFICATE

    wget https://dl.eff.org/certbot-auto
    chmod a+x certbot-auto
    ./certbot-auto --debug certonly -d www.fqdn.tld -d fqdn.tld

CERTIFICATE RENEWAL

    ./certbot-auto renew

APACHE SSL SUPPORT

Now install SSL support for Apache (2.4 in my example), if you have not already.

    yum install mod24_ssl

Edit /etc/httpd/conf.d/ssl.conf to set the following values:

    SSLCertificateFile /etc/letsencrypt/live/fqdn.tld/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/fqdn.tld/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/fqdn.tld/chain.pem
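Before restarting Apache, the three directives above can be checked mechanically. The following is an added example, not part of the original page or of certbot: `check_le_paths` is a hypothetical helper that flags paths outside `/etc/letsencrypt/live/` (for example `archive/` or a copied file, which go stale after a renewal), mismatched file names, and a certificate, key and chain drawn from different certificate names. It assumes a single SSL virtual host in the file; the sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): lint the Let's Encrypt paths
# in an Apache ssl.conf. check_le_paths is a hypothetical helper name.
# Reads the file named in $1 (or stdin); prints findings, returns 1 on any.
check_le_paths() {
    awk '
    BEGIN {
        bad = 0
        want["SSLCertificateFile"]      = "cert.pem"
        want["SSLCertificateKeyFile"]   = "privkey.pem"
        want["SSLCertificateChainFile"] = "chain.pem"
        live = "^/etc/letsencrypt/live/[^/]+/[^/]+$"
    }
    # Commented-out lines never match: their first field starts with "#".
    ($1 in want) {
        seen[$1] = 1
        path = $2
        gsub(/"/, "", path)               # Apache allows quoted values
        if (path !~ live) {               # e.g. archive/ or a copied file
            printf "%s: %s is not under /etc/letsencrypt/live/<name>/\n", $1, path
            bad = 1
            next
        }
        n = split(path, p, "/")
        if (p[n] != want[$1]) {
            printf "%s: expected %s, found %s\n", $1, want[$1], p[n]
            bad = 1
        }
        # Certificate, key and chain must come from the same lineage.
        if (lineage == "") {
            lineage = p[n - 1]
        } else if (p[n - 1] != lineage) {
            printf "%s: lineage %s does not match %s\n", $1, p[n - 1], lineage
            bad = 1
        }
    }
    END {
        for (d in want)
            if (!(d in seen)) { printf "%s: directive missing\n", d; bad = 1 }
        exit bad
    }' "$@"
}

# Constructed sample: key from another lineage, chain directive commented out.
check_le_paths <<'EOF' || echo "fix ssl.conf before restarting httpd"
SSLCertificateFile /etc/letsencrypt/live/fqdn.tld/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.fqdn.tld/privkey.pem
#SSLCertificateChainFile /etc/letsencrypt/live/fqdn.tld/chain.pem
EOF
```

Against the real file, call it as `check_le_paths /etc/httpd/conf.d/ssl.conf`; a non-zero exit status means at least one finding was printed.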

RESTART APACHE

    sudo service httpd restart

PYTHON MODULE ERROR WORKAROUND

    $ sudo ./certbot-auto --debug certonly -d fqdn.tld -d www.fqdn.tld
    Error: couldn't get currently installed version for /root/.local/share/letsencrypt/bin/letsencrypt: 
    Traceback (most recent call last):
      File "/root/.local/share/letsencrypt/bin/letsencrypt", line 7, in <module>
        from certbot.main import main
      File "/root/.local/share/letsencrypt/local/lib/python2.7/dist-packages/certbot/main.py", line 7, in <module>
        import zope.component
      File "/root/.local/share/letsencrypt/local/lib/python2.7/dist-packages/zope/component/__init__.py", line 16, in <module>
        from zope.interface import Interface
    ImportError: No module named interface

The above is a well-known but very poorly documented issue in which the zope Python module fails to load. Here are the steps needed to remedy it.

    sudo rm -rf /root/.local/share/letsencrypt/
    wget https://dl.eff.org/certbot-auto
    chmod a+x certbot-auto
    ./certbot-auto --debug certonly -d fqdn.tld -d www.fqdn.tld

Follow the prompts and, if on Apache 2.4 as detailed above, select Apache.

This should give you the following:

    $ sudo ./certbot-auto --debug certonly -d fqdn.tld -d www.fqdn.tld
    Saving debug log to /var/log/letsencrypt/letsencrypt.log

    How would you like to authenticate with the ACME CA?
    -------------------------------------------------------------------------------
    1: Apache Web Server plugin - Beta (apache)
    2: Spin up a temporary webserver (standalone)
    3: Place files in webroot directory (webroot)
    -------------------------------------------------------------------------------
    Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1
    Cert is due for renewal, auto-renewing...
    Renewing an existing certificate
    Performing the following challenges:
    tls-sni-01 challenge for fqdn.tld
    tls-sni-01 challenge for www.fqdn.tld
    Waiting for verification...
    Cleaning up challenges

    IMPORTANT NOTES:
     - Congratulations! Your certificate and chain have been saved at
       /etc/letsencrypt/live/fqdn.tld/fullchain.pem. Your
       cert will expire on 2017-08-27. To obtain a new or tweaked version
       of this certificate in the future, simply run certbot-auto again.
       To non-interactively renew *all* of your certificates, run
       "certbot-auto renew"
     - If you like Certbot, please consider supporting our work by:

       Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
       Donating to EFF:                    https://eff.org/donate-le

    $ sudo service httpd restart
    Stopping httpd:                                            [  OK  ]
    Starting httpd:                                            [  OK  ]