AWS EC2 Linux 2 configuration for new PayID protocol

Discussion in 'Apache' started by Zumturtle, Jun 24, 2020.

  1. #1
    Hi, my first post here.

    I'm new to Apache. Tried to learn as much as I can on my own, but have hit a brick wall.
    PayID is a new universal payment protocol just released - more details at payid dot org. The objective is to enable sending of a variety of payments using just one human-readable address, of the form user$example.com.

    I don't want to run a full PayID server, just serve my own domain which I set up on an AWS EC2 AMI Linux 2 t2.micro instance.
    Installed Apache 2.4 and ran Certbot to get SSL certificates for example.com and www.example.com. It happily serves my index.html page in a browser over the internet. SSL Labs gives both versions of the domain A+. TLS 1.2 is the only HTTPS protocol accepted by my site. I also installed Node.js (latest stable version) and NVM.

    I tried to follow Matt Hamilton's example: https://dev.to/hammertoe/static-serving-payid-address-1eac
    Edited httpd.conf along the lines he shows (only showing the non-standard sections here):

    <VirtualHost InstancePublicIP:80>
        DocumentRoot "/var/www/html/example.com"
        ServerName "example.com"
        ServerAlias "www.example.com"
        RewriteCond %{SERVER_NAME} =example.com [OR]
        RewriteCond %{SERVER_NAME} =www.example.com
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    </VirtualHost>
    
    <VirtualHost InstancePublicIP:443>
        DocumentRoot "/var/www/html/example.com"
        ServerName example.com
        ServerAlias www.example.com
    
        Header always set Strict-Transport-Security "max-age=63072000; preload"
    
        SSLEngine on
        SSLProtocol             all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
        SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-$
        SSLHonorCipherOrder     off
        SSLSessionTickets       off
    
        SSLCertificateFile "/etc/letsencrypt/live/example.com/fullchain.pem"
        SSLCertificateKeyFile "/etc/letsencrypt/live/example.com/privkey.pem"
    
        ErrorDocument 404 /404.html
    
        # PayID
        RewriteEngine On
        RewriteCond "%{HTTP_ACCEPT}" "application/xrpl-mainnet\+json"
        RewriteRule ^(.+) /.pay/$1.json [L]
       
    </VirtualHost>
    
    And in /var/www/html/example.com/.pay I have a file payme.json:

    {
      "addresses": [
        {
          "paymentNetwork": "XRPL",
          "environment": "MAINNET",
          "addressDetailsType": "CryptoAddressDetails",
          "addressDetails": {
            "address": "rVcktW*********************************"
          }
        }
      ],
      "payId": "payme$example.com"
    }
    Permissions are set to 755 for the .pay folder and 644 for the json file.

    The HTTP to HTTPS rewrite seems to work. PayID mandates use of HTTPS, so it shouldn't be trying to access port 80 anyway.

    The problem is that Xumm, an app that is happy to send XRP to PayID addresses, will not recognise my payme$example.com address, whereas it recognises Matt's address and others. I also tried on a crypto exchange that uses PayID - still no joy, so it's not the Xumm app at fault.

    There is a PayID validator site: https://payidvalidator.com/
    Entering my address yields the following result:
    Validation Results
    Score 0%

    | Check | Value | Result | Message |
    |---|---|---|---|
    | HTTP Status Code | 404 | Fail | - |
    | Header Check / Access-Control-Allow-Origin | | Fail | The header could not be located in the response. |
    | Header Check / Access-Control-Allow-Methods | | Fail | The header could not be located in the response. |
    | Header Check / Access-Control-Allow-Headers | | Fail | The header could not be located in the response. |
    | Header Check / Access-Control-Expose-Headers | | Fail | The header could not be located in the response. |

    It's a pretty comprehensive disaster! I must be doing something very wrong. Any help appreciated!
     
    Zumturtle, Jun 24, 2020
  2. #2
    Success!! I solved the problem by moving from AWS to GCP. Google Cloud enables TLSv1.3 whereas AWS is only on v1.2. It may also be necessary to enable HTTP2, but not sure about that.
     
    Zumturtle, Jun 28, 2020
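
Added example, not part of the thread or of any poster's code: a Python sketch of the checks that the validator output in the first post reports (status code plus the four Access-Control-* headers), together with the mapping from user$example.com to the HTTPS URL that the rewrite rule serves. The function names and the choice of 200 as the passing status are assumptions; the sample response is constructed.

```python
from urllib.error import HTTPError
from urllib.request import Request, urlopen

# Header names taken from the validator output quoted in the first post.
REQUIRED_CORS_HEADERS = (
    "Access-Control-Allow-Origin",
    "Access-Control-Allow-Methods",
    "Access-Control-Allow-Headers",
    "Access-Control-Expose-Headers",
)
# Accept value that the RewriteCond in the posted vhost matches on.
ACCEPT = "application/xrpl-mainnet+json"


def payid_to_url(payid: str) -> str:
    """Map user$host to https://host/user (PayID is HTTPS-only)."""
    user, sep, host = payid.rpartition("$")
    if not sep or not user or not host or "/" in host:
        raise ValueError(f"not a PayID address: {payid!r}")
    return f"https://{host}/{user}"


def evaluate(status: int, headers: dict) -> list:
    """Return the failed checks, named as in the validator output."""
    present = {name.lower() for name in headers}  # header names are case-insensitive
    failures = []
    if status != 200:  # assumption: only 200 counts as a pass
        failures.append(f"HTTP Status Code ({status})")
    for name in REQUIRED_CORS_HEADERS:
        if name.lower() not in present:
            failures.append(f"Header Check / {name}")
    return failures


def fetch(payid: str, timeout: float = 10.0):
    """Live request (needs network): returns (status, headers) for evaluate()."""
    req = Request(payid_to_url(payid), headers={"Accept": ACCEPT})
    try:
        with urlopen(req, timeout=timeout) as resp:
            return resp.status, dict(resp.headers.items())
    except HTTPError as err:  # 4xx/5xx responses still carry headers to check
        return err.code, dict(err.headers.items())


if __name__ == "__main__":
    # Constructed response matching the failing result shown in the thread.
    for failure in evaluate(404, {"Content-Type": "text/html"}):
        print("FAIL", failure)
```

Running `evaluate(*fetch("payme$example.com"))` against a live server lists the same failures the validator would show, which helps separate a rewrite problem (404) from missing CORS headers.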