> If you're accessing your Jellyfin over the local IP it will be impossible to get a valid certificate for it.
I just made a domain name for all of my local network services. Each service gets a subdomain that resolves to a local IP address, so like jellyfin.mydomain.com -> 10.x.x.x. Then just do DNS validation with letsencrypt. Boom, valid cert.
FWIW if you want to run your Jellyfin on the public internet, you can use NAT hairpinning in your local network and have that subdomain resolve to your public IP, and still access it from within your network :).
I just made a domain name for all of my local network services. Each service gets a subdomain that resolves to a local IP address, so like jellyfin.mydomain.com -> 10.x.x.x. Then just do DNS validation with letsencrypt. Boom, valid cert.