Filippo Valsorda wrote an article “How Plex is doing https for all its users” two years ago. In the article, Filippo explains how the self-hosted media server Plex can offer TLS to secure all connections, including those to the user’s servers.
Plex is a server software running on your machine, and a discovery service somewhere out on the internet. Using your login, you connect to the discovery service, and then connects directly to your server, using XHR.
The XHR part means you are on a page https://plex.tv/web.app, and because that is a https page, the XHRs also need to be encrypted and trusted. That means your server needs to be able to do https, and that means your server needs to have a valid certificate to do this.
How does your server get this cert?