Peasy Mail

Certificates

Web servers and mail servers should have a valid authorisation certificate. This is essential for encrypting the data transmission and for proving that the data actually comes from the stated web site. Web SSL certificates must contain the web site's name as its common name entry and a public key for the encryption. If you do not have a certificate, a self-signed one will be created automatically by the Peasy Mail Server. This is fine for mail servers but is not normally acceptable for web servers.

Web browsers will not normally open an HTTPS page without the certificate being validated. The browser checks that the certificate is signed by one of the root certificates it has in its list. If this fails for any reason, the browser will alert the user that the web site is high risk and will not normally allow the page to be opened.

Obtaining a web site SSL certificate

Specialised companies called Certificate Authorities (CAs) provide SSL certificates, which can be purchased online. The cost of a web site SSL certificate can be several hundred dollars per year.

For a basic website it is possible to use letsencrypt.org, which offers free certificates. When generating a certificate, they will instruct you to set a specific code in the "_acme-challenge...." TXT record of your Domain Name Server. This is used to prove that you administer the domain for your website. Running their application generates the private keys that can be used by your server.

The following OpenSSL command creates a new 2048-bit RSA private key (privateKey.key, written unencrypted because of -nodes) together with a certificate signing request (CSR.csr):

openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key
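
The command above prompts for the subject fields. As an added example (not part of the Peasy Mail documentation), the functions below create the same key and CSR without prompts, add the host name as a subjectAltName entry (which current browsers use for host name matching), and check the result before it is sent to a CA. They assume OpenSSL 1.1.1 or later for -addext; mail.example.com and the function names are placeholders.

```shell
# Added example: create a key and CSR without prompts, then check the CSR.
# Assumes OpenSSL 1.1.1 or later (for -addext). Host names are placeholders.

make_csr() {    # usage: make_csr <hostname> <output-dir>
  (
    # -nodes writes the private key unencrypted, so keep it owner-only.
    umask 077
    openssl req -new -newkey rsa:2048 -nodes \
      -keyout "$2/privateKey.key" -out "$2/CSR.csr" \
      -subj "/CN=$1" -addext "subjectAltName=DNS:$1" 2>/dev/null
  )
}

check_csr() {   # usage: check_csr <hostname> <output-dir>; 0 = all checks passed
  csr="$2/CSR.csr"; key="$2/privateKey.key"

  # 1. Self-signature: the requester holds the private key that matches the
  #    CSR's public key. Match the message, not only the exit status.
  openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" || return 1

  text=$(openssl req -in "$csr" -noout -text) || return 1

  # 2. The host name is present as an exact subjectAltName DNS entry.
  printf '%s\n' "$text" | tr ', ' '\n\n' | grep -Fxq "DNS:$1" || return 2

  # 3. The key has the size that was requested.
  printf '%s\n' "$text" | grep -Fq "Public-Key: (2048 bit)" || return 3

  # 4. The CSR and the key file on disk belong together.
  [ "$(openssl req -in "$csr" -noout -pubkey)" = \
    "$(openssl pkey -in "$key" -pubout)" ] || return 4

  # 5. Nobody but the owner can read or write the private key.
  [ "$(ls -l "$key" | cut -c1-10)" = "-rw-------" ] || return 5
}

# Typical use:
#   make_csr mail.example.com . && check_csr mail.example.com .
```

A non-zero return value from check_csr is the number of the check that failed.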

 

 
