First of all, a private key is needed before genreate a signing request. Either use openssl
openssl genrsa -out ~/domain.com.ssl/domain.com.key 2048 openssl req -new -sha256 -key ~/domain.com.ssl/domain.com.key -out ~/domain.com.ssl/domain.com.csr
or use Azure key vault specially if you want to store the certificate in Azure
- From KeyVault, SETTINGS->Certificates->Generate/Import, set "Type of Certificate Authority(CA)" to "Certificate issued by a non-integated CA"
- Click the key created just now, choose "Certificate Operation"->"Download CSR" to download the CSR as domain.com.csr
Now we are going to sign the certificate by using certbot, here are the steps
sudo -i add-apt-repository ppa:certbot/certbot apt-get update apt-get install certbot ufw allow 80 ufw allow 443 certbot certonly --standalone --register-unsafely-without-email --csr <your_key_csr>.csr
If Azure key vault is being used, we need to "Merge Signed Request"