Since my SSL cert was nearing expiration, I thought it would be a good idea to give Let’s Encrypt (free SSL certs!) a try.
Let’s Encrypt has a helper app called certbot that will configure Apache for you automatically. The really nice thing about certbot is that it will also (via crontab) renew your cert and configure Apache to use the new cert. This is useful, since Let’s Encrypt certs expire every 90 days.
To use certbot effectively, you need an Apache configuration that’s setup the way your distro expects. Mine was not (I hand ported the configs from Ubuntu), so I figured it was a good time to reinstall Apache with the default configs, then run certbot (official instructions here: https://certbot.eff.org/ ).
This initially seemed to work great, but I quickly noticed all of my subpages returned 404 errors. WordPress works best when you allow it to configure a .htaccess file to do URL rewrites. Allowing URL rewrites via .htaccess requires some additional configuration in your ssl.conf file.
sudo nano /etc/httpd/conf.d/ssl.conf
Add the following just before </VirtualHost> at the very end of your config.
Allow from all
Thanks to Mike McMurray who posted the instructions at: https://mike.mcmurray.co.nz/2017/01/08/wordpress-permalink-404-with-https/