@junderw
Created March 25, 2021 15:45
openssl command to generate a tls cert just like the ones generated by LND Lightning Network Daemon
# This is one big command. Fill it out in a text editor and copy-paste
# the whole thing to get tls.key and tls.cert files for use with lnd
openssl \
req \
-newkey ec:<(openssl ecparam -name prime256v1) \
-nodes `# No password` \
-keyout \
tls.key `# private key filename` \
-x509 \
-set_serial 0x$(openssl rand -hex 16) \
`# config contains x509v3 extensions` \
-config <(echo "
[req]
x509_extensions = v3_req
distinguished_name = req_distinguished_name
prompt = no
[req_distinguished_name]
organizationName = lnd autogenerated cert
commonName = localhost # Main domain goes here
[v3_req]
keyUsage = critical, digitalSignature, keyCertSign, keyEncipherment
extendedKeyUsage = serverAuth
basicConstraints = critical, CA:true
subjectKeyIdentifier = hash
subjectAltName = DNS:localhost, IP:127.0.0.1 # Additional DNS domains and IP addresses go here
") \
-out tls.cert `# cert filename` \
-days 420 `# Valid number of days (default for LND is 14 * 30 = 420 days)`
@Overtorment

What's the use case?

@junderw
Author

junderw commented Mar 25, 2021

A jump-off point for modifications.

i.e. extending the expiry beyond 420 days

@junderw
Author

junderw commented Mar 26, 2021

You can also use $(echo $((($(date -d 20491230 +%s)-$(date +%s))/86400))) in place of 420 where you replace 20491230 with the actual date you want it to expire in YYYYMMDD format.

20491230 is probably the latest date you want to put in, since 2049-12-31 23:59:59 is the maximum value for dates in ASN.1 and with timezones etc. you wouldn't want the date to throw an error.
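
The day-count calculation from the comment above, as an added example that is not part of the gist or of lnd: it validates the date, enforces the 20491230 ceiling mentioned in the thread, and pins the arithmetic to UTC so the result does not depend on the local timezone. The names `days_until` and `MAX_EXPIRY` are hypothetical, and GNU `date` is assumed.

```shell
#!/bin/sh
# Added example, not part of the gist. days_until is a hypothetical helper name.
# Needs GNU date, the same `date -d` syntax used in the comment above.

MAX_EXPIRY=20491230   # latest expiry date the thread recommends (YYYYMMDD)

# days_until YYYYMMDD [NOW_EPOCH]
# Prints the whole days from now (or NOW_EPOCH, for reproducible runs) to
# 00:00 UTC on the target date. Rounding down means a certificate issued
# right away with this value expires no later than that instant.
days_until() {
  du_target=$1
  du_now=${2:-$(date -u +%s)}
  case $du_target in
    ''|*[!0-9]*) echo "expected YYYYMMDD, got '$du_target'" >&2; return 2 ;;
  esac
  if [ "${#du_target}" -ne 8 ]; then
    echo "expected YYYYMMDD, got '$du_target'" >&2; return 2
  fi
  # GNU date rejects impossible dates such as 20250230.
  if ! du_end=$(date -u -d "$du_target" +%s 2>/dev/null); then
    echo "not a calendar date: $du_target" >&2; return 2
  fi
  if [ "$du_target" -gt "$MAX_EXPIRY" ]; then
    echo "expiry is later than $MAX_EXPIRY" >&2; return 3
  fi
  if [ "$du_end" -le "$du_now" ]; then
    echo "expiry $du_target is not in the future" >&2; return 4
  fi
  echo $(( ($du_end - $du_now) / 86400 ))
}

# When run as a script with a date argument, print the value for -days.
if [ "$#" -gt 0 ]; then
  days_until "$@"
fi
```

With the function sourced into the shell, `-days "$(days_until 20491230)"` takes the place of `-days 420` in the command.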
