On the remote server, generate a csr:
openssl req -new -newkey rsa:2048 -nodes -keyout ohioriver_org.key -out ohioriver_org.csr
On the Namecheap website, upload the key and csr as necessary (this is straightforward if you follow the instructions, but I don't remember the exact process).
On Namecheap, navigate to the SSL details which should be showing "Pending". Get the CNAME record which should have two critical values like:
_451eecbf67d046e1fe18fefb12316a8a.ohioriver.orgDDD030ED049CBA45417CDB250E48ACCC.D68CC873DFA2FF62D01125D1075871B4.67af971b96c39.comodoca.com
Navigate to the DNS host, in the case of ORSANCO Flows we use Azure.
Remove any existing CNAME records.
Add a new CNAME record.
For the Name, add the hexstring with a leading underscore WITHOUT the trailing domain name, so _451eecbf67d046e1fe18fefb12316a8a in our example (no ".ohioriver.org").
For the Value, add the whole target value, so DDD030ED049CBA45417CDB250E48ACCC.D68CC873DFA2FF62D01125D1075871B4.67af971b96c39.comodoca.com in our example.
Allow anywhere from an hour to two days for the change to propagate.
Contact Namecheap support if necessary. Their web chat is very good.