((((  openssl req -x509 -newkey rsa:4096 -keyout ./privkey.pem -out cert.pem -days 365 -nodes -subj '/CN=jellyfin.lan' ))))

>>>>>> lets encrypt dans /SSL:
cp /etc/letsencrypt/live/domaine.fr/privkey.pem /SSL/jellyfin/
cp /etc/letsencrypt/live/domaine.fr/cert.pem /SSL/jellyfin/
cd /SSL/jellyfin
openssl pkcs12 -export -out jellyfin.pfx -inkey privkey.pem -in cert.pem -passout pass:passphrase

/SSL/jellyfin/jellyfin.pfx

##################################################################################
Self-Signed Certificate

See here for more information.

Create a private key.

openssl req -x509 -newkey rsa:4096 -keyout ./privkey.pem -out cert.pem -days 365 -nodes -subj '/CN=jellyfin.lan'

Omit -nodes to set a password interactively.

Remove -days 365 to make it 'permanent'.

Add -subj '/CN=localhost' to make it not ask interactive questions about content of certificate.

The above command creates ./privkey.pem which will require one more step before use in Jellyfin.

openssl pkcs12 -export -out jellyfin.pfx -inkey privkey.pem -in /usr/local/etc/letsencrypt/live/domain.org/cert.pem -passout pass:motdepasse