Thanks for your reply.
I tried that and got this success message:
Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/api.param.me/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/api.param.me/privkey.pem
Your cert will expire on 2019-06-27. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
But my site still doesn’t have HTTPS… Is there anything I have to do manually? Other guides show adding this to the site’s .conf file
SSLEngine on
SSLCertificateFile /path/to/your_domain_name.crt
SSLCertificateKeyFile /path/to/your_private.key
SSLCertificateChainFile /path/to/DigiCertCA.crt