This will help you get a signed certificate for your dn42 domain.
Download the client bash script from the link below
Run ./client.sh print_key which will generate a key-pair that must be added to the registry. (Used to verify domain ownership, it is only required to be added once and does not change)
Run ./client.sh get_certificate domain.dn42 (replace domain.dn42 with your domain) to generate a certificate and have it signed
Configure the signed.crt and server.key files resulting from the previous command in your webserver.