Days of requiring private CAs have long been over since https://LetsEncrypt.org began providing free certs.That is not true and not what a PKI is used for. I suspect you are thinking of self-signed certs
I googled this already......Really no need for that. Like I said in my comment Just as a check
For a setup once + forget forever solution, use https://LetsEncrypt.org + you'll be up + running in a few minutes.
If you go the route of running a private CA, instructions about how you go about this tend to be unique for each environment.
Refer to your notes when you first setup your CA + just go through your entire command sequence again.