Certbot

Let's Encrypt is a free, automated, and open certificate authority.

From the official website: "Anyone who has gone through the trouble of setting up a secure website knows what a hassle getting and maintaining a certificate can be. Let’s Encrypt automates away the pain and lets site operators turn on and manage HTTPS with simple commands."

Preliminary
Point an external IP at http (port 80/tcp) and https (port 443/tcp) at a web server and setup DNS for it. This is important. You have to prove you own the IP/domain. You could use dynamic DNS if necessary.

acme-tiny (manual installation)
is a short Python script which is useful, quick way to get started.

Either the script from the acme-tiny repository on GitHub or  the raw script directly from GitHub:

Make a directory for challenges to be created in:

Add this to the Apache http vhost; IE port 80 vhost:

Set these in the Apache https vhost; IE port 443 vhost:

Make a directory to hold the various files related to LE:

Create an account key, domain key and a CSR (replace www.example.co.uk with your host name):

Register and create the various certificate files:

Restart Apache (systemd):

Restart Apache (OpenRC):

Renewal script:

Add a monthly cron job:

External resources

 * Manual installation - In the event manual installation is preferred. Note: Portage will not track the installation if the Let's Encrypt is manually installed; this is not recommended by Gentoo developers.