Password protect https apache server

I'm having trouble adding apache password protection to the HTTPS version of a site. This server is running Ubuntu 14.04 and I've installed apache2. There is only one site on the whole server.

I have succeeded in password-protecting the HTTP version of the site by entering the following code in /apache2/sites-enabled/000-default.conf:

 <Directory "/var/www/">
    AuthType Basic
    AuthName "Restricted Content"
    AuthUserFile /etc/apache2/.htpasswd
    Require valid-user

I noticed that this protects the http version but not the https version. I've tried a number of things to protect that version too, including entering the same code in the .conf file that Let's Encrypt automatically created when I added the security cert and ran certbot. That did not have any effect.

I also tried creating a new VirtualHost block that covers *:443 instead of *:80. This did not work either. HTTPS works fine, but no password is required to hit the page.

I then added this code to the default .conf file to force HTTPS:

    SSLOptions +StrictRequire
    SSLRequire %{HTTP_HOST} eq ""

This works to force HTTPS but still no password requirement.

I'm stumped at this point, and my googling is not returning anything productive. If you can help I would appreciate it.