So, anyone that's had a server online with a public IP will know that there are a lot of people out there that will flood you with malicious requests almost immediately. People with malicious intent will put together scripts that scan public network addresses and attempt to exploit known services, or brute force them. Usually looking at the logs of attempts to brute force ssh, I see patterns that are obvious usernames from some db of common usernames. (Note to self, update listening port for ssh from default 22.)
Use openssl to first generate an ssl key if you don't already have one to create the request for. We'll make it a 2048-bit rsa key in this case.
Create combined cert/key for each domain
This blog has pulled off a score 97 for Desktop, and a 95 for mobile on Google PageSpeed Insights.
One of the first things that you might notice when logging into a new CentOS 7 minimal installation is there is no ifconfig command.