For apache2 redirection of http to https
https://linuxize.com/post/redirect-http-to-https-in-apache/
and in preparation for valid certs
But before you redirect everything to https, for LE best usage, please read and successfully implement
for what challenges are available to us. If you don’t want to open http on port 80 (HTTP-01), then DNS-01 is a possibility (and IMHO a better choice) and can be automated with many popular name servers using an enabled client (https://github.com/acmesh-official/acme.sh being my choice); that way you never need to open any port on your PBX.
If you insist on using port 443 then TLS-ALPN-01, but this is very far from trivial (nor really necessary).
Any way you do it, your keys and certs need to end up in /etc/asterisk/keys/*.{crt,key} and
fwconsole cert --help
to use the options necessary to import, update, set the default and so propagate those certs to /etc/asterisk/keys/integration
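
The DNS-01 route described above, end to end, as an added example that is not part of the original post: acme.sh issues the certificate, the pair is staged into /etc/asterisk/keys with the key kept private, and fwconsole imports it. Assumptions: DOMAIN and DNS_PROVIDER are placeholders, the DNS API credentials for that provider are already exported, acme.sh sits in its default install path, and the fwconsole option names should be confirmed with `fwconsole cert --help`.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Placeholders/assumptions:
# DOMAIN, DNS_PROVIDER (an acme.sh dnsapi hook with credentials already
# exported) and the acme.sh install path.
set -eu

DOMAIN="${DOMAIN:-pbx.example.com}"
DNS_PROVIDER="${DNS_PROVIDER:-dns_cf}"
ACME="${ACME:-${HOME:-/root}/.acme.sh/acme.sh}"
KEYS_DIR="${KEYS_DIR:-/etc/asterisk/keys}"

# Copy a PEM pair into KEYS_DIR as <name>.crt / <name>.key.
# Rejects missing, empty or swapped files before anything is written.
stage_pair() {
    local name="$1" crt="$2" key="$3"
    [ -s "$crt" ] && [ -s "$key" ] || { echo "missing cert or key" >&2; return 1; }
    grep -q 'BEGIN CERTIFICATE' "$crt" || { echo "not a PEM cert: $crt" >&2; return 1; }
    grep -q 'PRIVATE KEY' "$key" || { echo "not a PEM key: $key" >&2; return 1; }
    install -m 0644 "$crt" "$KEYS_DIR/$name.crt"
    # Mode 0600; hand ownership to the user Asterisk runs as if that is not the caller.
    install -m 0600 "$key" "$KEYS_DIR/$name.key"
}

issue_and_import() {
    local tmp
    # DNS-01 validates through a TXT record, so no inbound port is opened.
    # acme.sh exits 2 when the cert is not yet due for renewal; treat as success.
    "$ACME" --issue --dns "$DNS_PROVIDER" -d "$DOMAIN" || [ $? -eq 2 ]
    tmp=$(mktemp -d)    # created with mode 0700
    if ! { "$ACME" --install-cert -d "$DOMAIN" \
               --fullchain-file "$tmp/fullchain.pem" --key-file "$tmp/key.pem" &&
           stage_pair "$DOMAIN" "$tmp/fullchain.pem" "$tmp/key.pem"; }; then
        rm -rf "$tmp"; return 1
    fi
    rm -rf "$tmp"
    # Option names assumed here (--import, --list); confirm with `fwconsole cert --help`.
    fwconsole cert --import
    fwconsole cert --list    # then set the default from this list
}

# Only touches the system when called as: script.sh run
if [ "${1:-}" = "run" ]; then issue_and_import; fi
```

Run it from cron or a systemd timer as `script.sh run`; a run that finds the certificate not yet due simply re-stages the existing pair.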