Setting up Apache 2.4 with Letsencrypt

I have dehydrate properly renewing certs from Let's Encrypt (which I am using successfully for mail authentication) and I ma trying to get them working for Apache 2.4, but no luck so far.

I created aliases in /usr/local/etc/apache24/ pointing to the files in /usr/local/etc/dehydrated/certs/domain.tld/fullchain.pem and privkey.pem

in httpd.conf I have:

LoadModule ssl_module libexec/apache24/

Include etc/apache24/extra/httpd-ssl.conf
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

Listen 443
SSLPassPhraseDialog builtin
SSLSessionCache "dbm:/var/run/ssl_scache"
SSLSessionCacheTimeout 300

<VirtualHost _default_:443>
DocumentRoot "/usr/local/www/roundcube"
ServerName <a href="" title=""></a>
ServerAdmin <a href="mailto: ... at covisp dot net"> ... at covisp dot net</a>
ErrorLog "/var/log/httpd-error.log"
TransferLog "/var/log/httpd-access.log"
SSLEngine on
SSLCertificateFile "/usr/local/etc/apache24/ssl.pem"
SSLCertificateKeyFile "/usr/local/etc/apache24/ssl.key"
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
<Directory "/usr/local/www/apache24/cgi-bin">
SSLOptions +StdEnvVars
CustomLog "/var/log/httpd-ssl_request.log" \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

# apachectl -S shows at the end:
*:443 is a NameVirtualHost
default server <a href="" title=""></a> (/usr/local/etc/apache24/extra/httpd-vhosts.conf:32)
port 443 namevhost <a href="" title=""></a> (/usr/local/etc/apache24/extra/httpd-vhosts.conf:32)
port 443 namevhost <a href="" title=""></a> (/usr/local/etc/apache24/extra/httpd-ssl.conf:83)

But I just get a failed to load error and I don't see anything helpful in the logs.

I tried removing the links in the apache24 folder and copying the .pem files (privkey.pem to ssl.key), but still get an unable to establish secure connection error.