So when I read about Let's Encrypt again, I thought I'd give it a shot. They recommend using certbot to automatically enable HTTPS, and I was pretty skeptical but thought it was worth a shot.
And - wow! It totally works! It made a certificate and updated my Apache config that worked correctly out of the box. Now gregstoll.com has a pretty green lock when you visit it :-)