first step is to apply a ssl certifciation on startsll. Please notice there is no username/passwd to login startsll website instead of certification on your browser which is installed by startssl. second is to follow website to fill personal information, validation your email and produce private key. private key (ssl.key) is not stored in startsll server, but it will download to your computer. Then you need to wait for sometimes to fetch public key (ssl.crt) and retrieve it from "Retrieve Certificate" in Toolbox.
Last thing needs to notice is firewall configuration on your server. Please open 443 port and remove other un-necessory configuration rule for 443. Previously I forwarded 443 to 8080 for shadowsocks and it toke me long time to find that is root caused for my https connection failure