You can setup a lightweight letsencrypt docker in minutes to create certs for your domain/subdomains. Once that is done, you just mount the path to the .pfx file it creates to your Emby docker, and you're pretty much good to go. You just select that in the custom cert path and set your domain name in Server > Advanced. Real simple. If you use the reverse proxy in the same letsencrypt docker, you'd just point your NAT rule to 443. If you choose not to use the reverse proxy (I don't because I maintain an alias list of hostnames for my users' access) just chose the https port you want to set remote connections to use and NAT that port to your local Emby port.I use letsencrypt on my web servers, but not on anything at home. I do own a few domains that I have pointed at my house.
Done.