04/06/21 Notes
SSL Certificate
Objective - Obtain a certificate from Namecheap and apply it to a vhost running under a docker container (Ubuntu/Apache2).

Namecheap Purchase Process
--------------------------
Create a Certificate Signing Request which you submit to Namecheap for signing - https://decoder.link/csr_generator
Note, the private key generated together with this CSR will become your certificate's private key file (cert.key), once signed. The CSR itself only carries the public key.
Namecheap will want you to verify that you own the domain you are requesting the certificate for.
You can do this by creating a particular CNAME record they request or uploading a file that they provide to your website.
Once verified, your cert is emailed to you, including a bundle cert.
Upload the certs onto your webserver (including the private key generated with your CSR).
Permissions of root:root 0600 on all the certificate files work.
Modify your vhost in /etc/apache2.conf to use the certificates.

<VirtualHost *:443>
  ServerAdmin info@website.com
  DocumentRoot /var/www/html/website.com
  ServerName website.com
  ServerAlias www.website.com
  SSLEngine on
  SSLCertificateFile /etc/apache2/ssl/website_com.crt
  SSLCertificateKeyFile /etc/apache2/ssl/website_com.key
  SSLCertificateChainFile /etc/apache2/ssl/website_com.ca-bundle
  RewriteEngine on
  RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
  RewriteRule .* - [F]
</VirtualHost>

Your vhost will now use the certificate.
Don't forget to open port tcp/443.

I found it useful to also redirect port 80 requests to 443 so that they are forced to use the cert:
<VirtualHost *:80>
  ServerName website.com
  ServerAlias www.website.com
  Redirect permanent / https://website.com/
</VirtualHost>

You can view your certificate contents including expiry by running:
openssl x509 -in /tmp/cert.crt -text
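
The CSR step above done locally with openssl instead of a web form, plus checks that the issued certificate matches the private key and is not close to expiry before Apache is pointed at it. This is an added example, not part of the original notes; the function names, the temp directory and the self-signed certificate standing in for the one Namecheap issues are assumptions.

```sh
#!/bin/sh
# Added example, not from the original notes. Function names, the temp dir
# and the self-signed stand-in for the CA-issued cert are assumptions.

# Create <dir>/<domain>.key and .csr locally; the key never leaves the host.
make_key_and_csr() {
    ( umask 077   # new files are created 0600
      openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
          -keyout "$2/$1.key" -out "$2/$1.csr" 2>/dev/null )
}

# Stand-in for the CA: self-sign the CSR so the checks below run offline.
selfsign_standin() {
    openssl x509 -req -in "$2/$1.csr" -signkey "$2/$1.key" -days "$3" \
        -out "$2/$1.crt" 2>/dev/null
}

# Print the SHA-256 of the public key held in a key, csr or cert file.
pubkey_hash() {
    pem=$(case $1 in
        (key)  openssl pkey -in "$2" -pubout ;;
        (csr)  openssl req  -in "$2" -noout -pubkey ;;
        (cert) openssl x509 -in "$2" -noout -pubkey ;;
        (*)    false ;;
    esac 2>/dev/null) || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl sha256
}

# Succeed only if the certificate was issued for this private key.
cert_matches_key() {
    c=$(pubkey_hash cert "$1") && k=$(pubkey_hash key "$2") && [ "$c" = "$k" ]
}

# Succeed only if the certificate is still valid <days> from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Demo run with constructed data in a throwaway directory.
d=$(mktemp -d)
make_key_and_csr website.com "$d" && selfsign_standin website.com "$d" 90
cert_matches_key "$d/website.com.crt" "$d/website.com.key" && echo "cert matches key"
cert_valid_for_days "$d/website.com.crt" 30 && echo "valid for 30+ days"
rm -rf "$d"
```

With a real order, submit the generated .csr to Namecheap and run cert_matches_key on the .crt they email back; a mismatch means Apache will refuse to start with that pair.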