davisjam / vuln-regex-detector

Detect vulnerable regexes in your project. REDOS, catastrophic backtracking.
MIT License
HTTPS certificate #17

Closed davisjam closed 6 years ago

davisjam commented 6 years ago

The client assumes the server is trustworthy because I haven't registered the certificate with a CA. This is not good.

Thanks @ChALkeR for reminding me.

ChALkeR commented 6 years ago

@davisjam You don't have to «register» it manually, https://letsencrypt.org/ offers free automated certs.

See e.g. https://certbot.eff.org/lets-encrypt/debianstretch-nginx (adjust to your webserver and OS, there is a dropdown select).