You should use a reverse proxy server so you only have the cert on one machine.
I actually made one for myself in Go that's been pretty fun. You can try it if you want (https://github.com/fsmv/daemon) but you should be able to set it up with Apache or nginx as well.
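The setup suggested above, sketched as an added example that is not part of the original comment and is not code from fsmv/daemon: a single Go front door holds the certificate and key, terminates TLS, and forwards by hostname to plain-HTTP backends. The hostnames, backend addresses, the `cert.pem`/`key.pem` paths and the `newFrontDoor` helper are all assumptions made for illustration.

```go
package main

import (
	"log"
	"net/http"
	"net/http/httputil"
	"net/url"
)

// newFrontDoor (hypothetical helper) returns a handler that forwards each
// request to the plain-HTTP backend registered for its Host header.
// Backends never see the private key; only this process loads it.
func newFrontDoor(backends map[string]string) (http.Handler, error) {
	proxies := make(map[string]*httputil.ReverseProxy, len(backends))
	for host, raw := range backends {
		target, err := url.Parse(raw)
		if err != nil {
			return nil, err
		}
		proxies[host] = &httputil.ReverseProxy{Rewrite: func(r *httputil.ProxyRequest) {
			r.SetURL(target)       // send the request to the backend address
			r.Out.Host = r.In.Host // keep the hostname the client asked for
			r.SetXForwarded()      // X-Forwarded-For/-Host/-Proto, client-sent copies dropped
		}}
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		p, ok := proxies[r.Host]
		if !ok { // refuse hosts that are not configured instead of guessing a backend
			http.Error(w, "unknown host", http.StatusMisdirectedRequest)
			return
		}
		p.ServeHTTP(w, r)
	}), nil
}

func main() {
	// Constructed sample routing table; replace with real hosts and backends.
	h, err := newFrontDoor(map[string]string{
		"app.example.test":  "http://10.0.0.11:8080",
		"wiki.example.test": "http://10.0.0.12:8080",
	})
	if err != nil {
		log.Fatal(err)
	}
	// The certificate and key exist only on the machine running this proxy.
	log.Fatal(http.ListenAndServeTLS(":443", "cert.pem", "key.pem", h))
}
```

The hop from the proxy to each backend is unencrypted here, so it belongs on a network segment you trust, and backends should accept connections only from the proxy so that `X-Forwarded-*` headers cannot be supplied by anyone else.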