Lets encrypt certificate generate on linux machine

Prereq on linux machine, where the domain name is mapped temporarily.

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot

Open port 80 for the VM in order for Certbot to be able to perform domain validation.

sudo certbot certonly --standalone -d mysubdomain.mydomain.com

After this, Certbot would have created the certificate files at 

cd /etc/letsencrypt/live/mysubdomain.mydomain.com/.
cd  ../../archive/mysubdomain.mydomain.com/

Now copy these files to any documents folder and change the ownership to user or set permissions to everyone.

chmod 777 *

After copying the same files to your windows machine you can generate pfx file by running below command from git bash window.

To copy file to your machine: scp azureuser@52.140.7.36:/home/azureuser/prodwindows.pfx .

Convert to pfx file with password.

openssl pkcs12 -export -out mysubdomain.mydomain.com.pfx -inkey /etc/letsencrypt/live/mysubdomain.myproduct.com/privkey.pem -in /etc/letsencrypt/live/mysubdomain.myproduct.com/fullchain.pem -password pass:yourpassword

To use with apache server:

fullchain1.pem --> prod.ma.crt
privkey1.pem -->  prod.ma.key