1) Settings in dspace.cfg or local.cfg:
dspace.server.url = https://dspace.example.org/server
dspace.ui.url = https://dspace.example.org
solr.server = http://localhost:8983/solr

2) Settings in config.prod.yml:
ui:
  ssl: false  
  host: localhost
  port: 4000
  nameSpace: /

rest:
  ssl: true
  host: dspace.example.org
  port: 443
  nameSpace: /server

3) a2enmod proxy_http proxy_html ssl headers
4) a2dissite 000-default default-ssl
5) vi /etc/apache2/sites-available/dspace.conf
<VirtualHost *:80>
     ServerName dspace.example.org
     Redirect / https://dspace.example.org
</VirtualHost>

<VirtualHost *:443>
     ServerName dspace.example.org
     LogLevel warn
     ErrorLog ${APACHE_LOG_DIR}/dspace.example.org.error.log
     CustomLog ${APACHE_LOG_DIR}/dspace.example.org.access.log combined
     ProxyRequests on
     SSLEngine on
     SSLProxyEngine on
     SSLCertificateFile /etc/letsencrypt/live/dspace.example.org/fullchain.pem
     SSLCertificateKeyFile /etc/letsencrypt/live/dspace.example.org/privkey.pem
     SSLCompression off
     SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
     SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
     SSLHonorCipherOrder     off
     SSLSessionTickets       off
     ProxyPreserveHost on
     RequestHeader set X-Forwarded-Proto https

   <Proxy *>
       AddDefaultCharset Off
       Require all granted
   </Proxy>

     ProxyPass /server http://localhost:8080/server
     ProxyPassReverse /server http://localhost:8080/server
     ProxyPass / http://localhost:4000/
     ProxyPassReverse / http://localhost:4000/

</VirtualHost>

6) a2ensite dspace.conf
7) ufw allow 'OpenSSH'
8) ufw allow 'Apache Full'
9) ufw enable
10) ufw status
11) systemctl restart apache2