Setup NodeBalancer HTTPS with my Kubernetes cluster running Istio

I deployed my Kubernetes cluster (not with LKE) with Linodes.
I deployed Istio. Setup Gateway and Virtual Service.
Created a Node Balancer with HTTP against my cluster. And it worked.
The server is configured with internal ip of my node where Istio Gateway pods is deployed. Port is the NodePort for the SVC for pod Istio-gateway..
At this point I want to setup NodeBalancer with HTTPS so that:
Client HTTPS ==> NodeBalancer ==> HTTP to my cluster, that way I do not need to setup ssl for my gateway.

Been told to use https://certbot.eff.org/ and it got confusing at:
To use Certbot, you'll need..

Web browser showing an HTTP site
…and an HTTP website
that is already online
with an open port 80

==> OK, I got a working site accessible via http on port 80, so I am good here.

A sever
…which is hosted on a server
which you can access via SSH
with the ability to sudo

==> I am applying the SSL on the Node Balancer, so not sure how to proceed. A support answer suggested to SSH to the Node Balancer, is that even possible, I could not find any docs on that, I know to ssh my Linodes server that I create. I tried doing an ssh root@NodeBalancerIp (what do I get to loose) and got ssh: connect to host <ip> port 22: Connection refused</ip>