This document assumes you have purchased a domain name.
Go to AWS Route 53 and create a new public hosted zone in the same region that you set the EB app up in (eu-west-2 in our case).
Wherever you purchased your domain, make sure to add the name servers generated by your new hosted zone.
Then go to AWS Certificate Manager and request a new certificate for your domain with a * for a wildcard before the domain name. Everything can be left as standard.
Once the certificate has been issued, i.e not pending click on the certificate and click "create records in Route 53". Select applicable domain names and create records, they should show up in your Hosted Zone.
Go to the EB environment, go to the Configuration tab and go to the section about instance scaling. Change the type from single instance to load balanced and add a listener on port 443 with HTTPS and select the certificate you set up.
Once the changes have been applied, go to your EC2 Security Groups and here you should see a new load balancer type for your environment. I recommend changing the name to include LB or something similar so you can tell them apart easily.
On your environment's security group, the inbound rules should include http traffic from the load balancer, add it if it doesn't. Update the inbound rules in the load balancer's security group to allow HTTPS traffic from 0.0.0.0 (anywhere), the database and the environment. Also allow HTTP from anywhere.