install the Certbot client

pkg install py27-certbot

generate certificate

certbot certonly --webroot -w /usr/local/www/example -d example.xyz

I do recomend to use spring on http and use nginx as proxy server. Here is the nginx config:

        server {
                listen 443;
                server_name example.com;

                ssl on;
                ssl_certificate /usr/local/etc/letsencrypt/live/example.com/fullchain.pem;
                ssl_certificate_key /usr/local/etc/letsencrypt/live/example.com/privkey.pem;
                ssl_session_cache shared:SSL:10m;

                location / {
                        proxy_pass http://localhost:8080;
                        proxy_set_header Host $host;
                }
        }

        server {
                listen 80;
                server_name example.com;
                return 301 https://$server_name$request_uri;
        }

renew your certificates automatically before they expire. Since Let’s Encrypt certificates last for 90 days only

certbot renew