If working in a Kubernetes environment you can use cert-manager that basically manages certificate lifetime for you, just need to make the crt/key available to your services using secret references as volumes.

If you're not using k8s certbot is also an option, you get your certificates under /etc/letsencrypt/live/$domain.