I am just reviving this topic to cross-reference against the updated info on Integrating AWS Roles Anywhere with Let’s Encrypt, so it is not used as a starting point again.
As @rmbolger inferred above, and again in the updated topic, this AWS product is neither designed for, nor compatible with, public CAs like Let’s Encrypt. AWS now has systems in place to prevent accidentally leveraging a public CA.