Full article on : https://cedricleruth.com/how-to-fix-failed-to-start-the-apache-http-server-after-renewing-ssl-certificate-on-aws-ec2-linux/

updateSSLCertificateOnEc2Linux.sh

## Once the certificate renew command is scheduled (or manually with sudo ./etc/letsencrypt/certbot-auto renew) a new certificate is generated
## To check if a new certificate was generated you can run : 
[ec2-user@ip-MyIp ~]$ locate *certbot.pem
/etc/letsencrypt/csr/0000_csr-certbot.pem #old certificate
/etc/letsencrypt/csr/0001_csr-certbot.pem #new certificate

## You then need to change the ssl conf to specify the new certificate :
sudo vim /etc/httpd/conf.d/ssl.conf
## Search for SSLCertificateKeyFile(vim command : ?SSLCertificateKeyFile) and change the file for the new one : 
#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/letsencrypt/live/YOURDOMAIN.com/privkey.pem ## the old file was /etc/letsencrypt/keys/0000_key-certbot.pem

#   Server Certificate Chain:
#   Point SSLCertificateChainFile at a file containing the
#   concatenation of PEM encoded CA certificates which form the
#   certificate chain for the server certificate. Alternatively
#   the referenced file can be the same as SSLCertificateFile
#   when the CA certificates are directly appended to the server
#   certificate for convinience.
SSLCertificateChainFile /etc/letsencrypt/live/YOURDOMAIN.com/chain.pem


## Once this is updated, simply save and quit vim(vim command :wq) and restart the httpd service :
sudo service httpd restart