genServer.fish

openssl genrsa -des3 -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem                                                               
openssl req -new -sha256 -nodes -out server.csr -newkey rsa:2048 -keyout server.key -config ssl.conf                                           
openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 90 -sha256 -extfile ssl.ext

ssl.conf

[req]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn

[dn]
C=CN
ST=TIANJIN
L=TIANJIN
O=FEILONG
OU=HOME
emailAddress=feilongphone@gmail.com
CN=feilonglan

ssl.ext

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment                                                                 
subjectAltName = @alt_names

[alt_names]
DNS.1=lan
DNS.2=*.lan
DNS.3=f.lan
DNS.4=*.f.lan
DNS.5=huginn.f.lan
DNS.6=ttrss.f.lan
DNS.7=ipfs.f.lan
DNS.8=ipfs-api.f.lan
DNS.9=transmission.f.lan