You can do it on any server with openssl installed with this command:
openssl req -sha256 -new -newkey rsa:4096 -nodes -keyout server.key -out server.csr
Your private key will be inside server.key and the csr to get get the certificate will be inside server.csr
*Hint: The common name must match your domain name like www.example.com. For wildcard certs, use *.example.com as cmmon name.