If you have a public-facing web server you manage and want to enable SSL on it (you should want to), you can generate a self-signed certificate... or you can use Let's Encrypt as a certificate authority and generate a proper certificate.
There are Certbot downloads for various Linux and Unix platforms (including macOS).
If you're using Apache on macOS, you may have to install Homebrew first.
Then you pretty much run
The first time I ran it, I got this weird error:
AH00526: Syntax error on line 9 of /etc/letsencrypt/options-ssl-apache.conf: Setting Compression mode unsupported; not implemented by the SSL library
The certificate lasts only 90 days, but you're expected to automate the renewal process every 60 days anyway.
After you've Certbot-created your certificate and verified it works, do a dry run to make sure you're able to automate a renewal:
If that's good, you can run a cron job or launch daemon for