How to get an SSL certificate from a real registrar

Now that Let’s Encrypt exists, the below information is a lot less useful…

Generate a unique site key:

openssl genrsa -out $SITE.key 4096

Generate a certificate signing request:

openssl req -new -config $SITE.cnf \
            -key $SITE.key -out $SITE.csr