By policy, Let’s Encrypt does not allow people to get certificates for generic EC2 hostnames. Mostly because they can change hands far more quickly than certificates expire.
You need to use your own domain name of some sort.
(You can certainly use AWS, EC2, and EC2 IP addresses. You just can’t use the EC2 hostname.)