I will be using MacOS

Requirements:

- AWS Lightsail Instance

Initialization

sudo apt install snapd
sudo apt-get update
sudo apt-get install software-properties-common
sudo snap install certbot --classic
sudo apt-get update -y
sudo apt-get install certbot -y

keep browser-based SSH terminal open

DNS Settings

DOMAIN=example.com
WILDCARD=*.$DOMAIN
echo $DOMAIN && echo $WILDCARD
-> should produce:
example.com
*.example.com
sudo certbot -d $DOMAIN -d $WILDCARD --manual --preferred-challenges dns certonly

proceed with prompts

Add TXT records to Domains DNS Zone in Lightsail

location: https://lightsail.aws.amazon.com/ls/webapp/domains

Add TXT Record subdomain:

_acme-challenge

response with:

bxuohCjH5c-ICf5L4oVoQ4wsS5bwQZunc9zCrisX9-8

do few more times follow instructions from the SSH window

Create links to ssl cert files in Apache

sudo /opt/bitnami/ctlscript.sh stop
DOMAIN=example.com
echo $DOMAIN
-> example.com
sudo mv /opt/bitnami/apache2/conf/server.crt /opt/bitnami/apache2/conf/server.crt.old
sudo mv /opt/bitnami/apache2/conf/server.key /opt/bitnami/apache2/conf/server.key.old
sudo mv /opt/bitnami/apache2/conf/server.csr /opt/bitnami/apache2/conf/server.csr.old
sudo ln -s /etc/letsencrypt/live/$DOMAIN/privkey.pem /opt/bitnami/apache2/conf/server.key
sudo ln -s /etc/letsencrypt/live/$DOMAIN/fullchain.pem /opt/bitnami/apache2/conf/server.crt
sudo /opt/bitnami/ctlscript.sh start
sudo chmod 666 /opt/bitnami/apps/wordpress/htdocs/wp-config.php

then install Really Simple SSL plugin activate

RENEW EVERY 90 DAYS

source: https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-using-lets-encrypt-certificates-with-wordpress#complete-the-prerequisites-lets-encrypt-wordpress