because your browser does not know the self-signed certificate. try using let's encrypt if it's a server that looks outside the internet, or add the certificate to the trusted list if it's only a LAN service

Add the root certificate you generated to the certificate store, then it will work.
You can use mkcert to generate certificates - it will do everything by itself.

Show how you created the certificate and where the IP is registered. It must be in the SAN field

If the site is "for you and your girlfriends", then the easiest way is to forget about all these self-signed certificates and use LE (Let's Encrypt) - it's just right for this. How to use it - there are hundreds of thousands of instructions in the tyrnet.
If you want to figure it out, then the error occurs due to the fact that the certificate is self-signed and there is no trust in it. In order to trust it, you need to:
1. Place the certificate in the trusted certificate store (I don’t know where it is in bubuntu, usually /etc/ssl/certs)
2. Create a special link file in the trusted certificate store (see location above) - there should be a huge pile of them for standard certificates in this way:

cd /etc/ssl/certs
ln -s yourcertfile.crt `openssl x509 -hash -noout -in yourcertfile.crt`.0