
Let's Encrypt certbot nginx on Amazon Linux AMI 2018

There is no certbot rpm package available for Amazon Linux AMI 2018, and the certbot Python package requires at least Python 3.6. This example first installs Python 3.6, upgrades pip3 and then installs certbot. The default AMI 2018 Python 2.7 is kept, so the two do not get mixed up.

Install python 3.6

yum install python36-pip

This installs pip3 and python36. The cryptography Python module requires a newer pip3, ver. 21.x.

Upgrade pip3

pip3 install --upgrade --ignore-installed pip setuptools

One cannot run pip3 install -U letsencrypt-nginx, since letsencrypt-nginx depends on pip3 ver. 9. So let's use a workaround.

Install letsencrypt-nginx module

python36 -m pip install letsencrypt-nginx

This will install all needed modules. Now you have certbot and its nginx module as well.

Install certificate

certbot --nginx -d example.com -d www.example.com

Renew certificate

Reload nginx automatically.

certbot renew --nginx --post-hook "service nginx reload"

Crontab

You most likely also want a crontab job for renewal.

crontab -e

Add the following example (runs the job once a day):

0 0 * * *  certbot renew --nginx --post-hook "service nginx reload" >/dev/null 2>&1

PS! This does not actually renew the certificate every day. Certbot checks the certificate on each run and, by default, renews it 30 days before it expires.
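The cron line above discards all output, so a renewal that keeps failing goes unnoticed until the certificate expires. The script below is an added example, not part of the original post: it reads the certificate's notAfter date and flags a certificate that is still unrenewed well inside the 30-day window. The function names and the WARN_DAYS threshold are assumptions; it needs openssl and GNU date.

```bash
#!/bin/bash
# Added example: detect a silently failing renewal job by checking how many
# days the installed certificate has left.

# Assumption: alert once fewer than 21 days remain, i.e. roughly 9 days after
# certbot's default 30-day renewal window has opened.
WARN_DAYS=${WARN_DAYS:-21}

# cert_status "<notAfter string>" <now_epoch>
# Accepts the "notAfter=..." line printed by `openssl x509 -noout -enddate`.
# Prints "<STATE> <days left>" and returns 0 (ok), 1 (renewal overdue),
# 2 (expired) or 3 (date could not be parsed).
cert_status() {
    local not_after now end days
    not_after="${1#notAfter=}"
    now="$2"
    end=$(date -u -d "$not_after" +%s) || { echo "UNPARSEABLE"; return 3; }
    days=$(( (end - now) / 86400 ))
    if [ "$end" -le "$now" ]; then
        echo "EXPIRED $days"; return 2
    elif [ "$days" -lt "$WARN_DAYS" ]; then
        echo "RENEWAL_OVERDUE $days"; return 1
    fi
    echo "OK $days"
}

# check_cert_file <pem file>: read notAfter with openssl and classify it.
check_cert_file() {
    local line
    line=$(openssl x509 -noout -enddate -in "$1") || return 3
    cert_status "$line" "$(date +%s)"
}

# Runs only when called with a certificate path, for example certbot's
# default location /etc/letsencrypt/live/example.com/fullchain.pem
if [ $# -gt 0 ]; then
    check_cert_file "$1"
fi
```

Run it from a second daily cron entry without redirecting output, so a non-OK state is mailed to the crontab owner.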
