Any simple installation notes for securely setting up MQTT (RPi)

Although this isn’t MQTT binding’s responsibility I would think the MOST people setting up MQTT will be wanting to connect it to a broker and/or MQTT clients over the internet.

Is there an outline for securely dong this or can someone make one?
I have been trying to set up a local MQTT Broker on my LAN (Mosquitto on RPi) and connect remote (internet) clients to it.securely.

All the SSL and examples I find have errors, are our-dated or otherwise don’t work.

I would be nice if someone that has been successful could outlien how the set up a local MQTT local broker to securely work with remote clients over internet.
(I’ve been reading through the online examples but none are as clear as some of the openhab apt-get installation guides.

I successfully was able to use TLS with this little guide, it provides scripts to generate the certificate.