Simplest way to generate self-signed certificate
This way will work with Nginx or any other reverse proxy server.
addext the feature requires
OpenSSL the version to be equal or more
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \ -keyout hinty.key -out hinty.crt -subj "/CN=example.com" \ -addext "subjectAltName=DNS:*.example.com,DNS:www.example.net,IP:10.0.0.1"
IP option allows to create certificate for IP domain (in most cases it is not recommended).
Most likely you don't need both DNS and IP, so can leave only one component or remove
addext at all.