Here’s how it’s done. I’ll be using my machine as an example. (minion.digitalw00t.com)
Create the csr:
openssl req -newkey rsa:2048 -subj /CN=minion.digitalw00t.com -nodes -keyout minion.digitalw00t.key -out minion.digitalw00t.csr
casert request a new server cert, copy/paste the contents of minion.digitalw00t.csr into the page and submit.