Get ready to be disappounted. The only reason it doesn't come up as untrusted (for me) is because I've added my CA to my list of trusted CAs. So I only do this with internal services (local HTTPS services, SSH, etc.). The services are not just available to me, but I know all the users personally and they're all willing to install my CA.

For any public service, you're stuck with getting a cert from someone in the default list that ships with Firefox, Chrome, the O/S, Java, etc. That is, unless you are in a situation where you can get your clients/visitors to install your CA.

My public services use LetsEncrypt like most everyone else.