I have a production web server running on my own hardware. When I created it I did not create self-signed SSL certs. Every document I've read on this site pertaining to SSL wants to start by running option 2 to create a new vhost, and then choose to have it create self-signed certs. It is not at all clear if doing so on a running install will overwrite my site, just my site configuration, or simply perform steps not previously chosen. I've gotten certbot to issue me the cert.pem, chain.pem, fullchain.pem, and privkey.pem files. Now I'm just trying to figure out where to put them and how to change nginx config files so it knows how to find them and how to handle SSL connections, and I haven't found any documentation that starts where I am and goes to that end point. Where should I look next?