The Apache client should create the SSL binding and configuration for you.
There is a debug challenges option which you can use to figure things out:
--debug-challenges After setting up challenges, wait for user input
before submitting to CA (default: False)
Try the following:
certbot-auto --apache
Andrei