Certbot

Let's Encrypt is a free, automated, and open certificate authority.

From the official website: "Anyone who has gone through the trouble of setting up a secure website knows what a hassle getting and maintaining a certificate can be. Let’s Encrypt automates away the pain and lets site operators turn on and manage HTTPS with simple commands."

There are several options.

Preliminary
Point an external IP at http (port 80/tcp) and https (port 443/tcp) at a web server and setup DNS for it. This is important. You have to prove you own the IP/domain. You could use dynamic DNS if necessary.

acme-tiny (manual installation)
is a short Python script which is useful, quick way to get started.

Either the script from the acme-tiny repository on GitHub or  the raw script directly from GitHub:

Make a directory for challenges to be created in:

Add this to the Apache http vhos; IE port 80 vhost:

Set these in the Apache https vhost; IE port 443 vhost:

Make a directory to hold the various files related to LE:

Create an account key, domain key and a CSR (replace www.example.co.uk with your host name):

Register and create the various certificate files:

Restart Apache (systemd):

Restart Apache (OpenRC):

Renewal script:

Add a monthly cron job:

External resources

 * Manual installation - In the event manual installation is preferred. Note: Portage will not track the installation if the Let's Encrypt is manually installed; this is not recommended by Gentoo developers.