I buy a cheap Comodo cert from sslpoint.com
All subsequent commands are executed as root. otherwise use sudo.
service apache2 stop
/etc/ssl/private/server.key #here the content of private key (you will receive this during the purchase)
/etc/ssl/certs/server.crt #here the content of www_yourDomain_com.crt file
service apache2 start
If not done before, then now "go to your domain" > "options" > "Fix apache Configuration without ssl"
If you install certbot earlier, crontab -e and delete the update job (and apt-get purge certbot).
Have fun ^^