How can I apply CA for intranet website use

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: *.ft.ftg.com

I ran this command: openssl req -x509 -nodes -days 36500 -newkey rsa:2046 -keyout server.key -out server.crt

It produced this output: server.key/server.crt

My web server is (include version): apache2.4

The operating system my web server runs on is (include version): ubuntu 16.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): no

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): win7 64 bit, win10 64 bit

1 Like

Unlike a lot of other CAs, Let's Encrypt uses a program called a client to request certificates, rather than expecting users to use OpenSSL to make the keys and CSRs. (You can use that CSR with many clients, but usually it's a much harder way of going about things.) The client then handles automatically renewing the certificate every couple months as needed.

If your server is using Windows, check out the "Windows / IIS" section of the client list:

But since you're talking about end-user versions of Windows, and also talking about Apache, it's a little unclear to me what you're actually trying to accomplish, as it'd be pretty unusual to be setting up Apache on a Windows 7 system. Can you give more details on your underlying goal here?

3 Likes

It's not quite clear what your question is, why you ran the openssl command, or what relationship there is between the Ubuntu machine and the Windows machines. But if you're wanting to set up an internal CA for your Intranet, it's pretty easy, though it has nothing to do with Let's Encrypt:

5 Likes

I have created an internal CA for the intranet computers, but when they access it with Firefox, it always shows the message below. How can I cancel it by command or script for client computers?
[image: autotrust]

2 Likes

Assuming the CA cert is added to the system trust store, see:

Edit: But I note that the error message you've posted shows that you're browsing by IP address. For that to work without errors, not only does the CA need to be trusted (which the link above addresses), but the IP address needs to be specified on the certificate.

2 Likes
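
The point in the reply above about browsing by IP address, as an added example that is not part of the original thread: a shell script that creates an internal CA, issues a server certificate whose subjectAltName carries both a wildcard name and an IP address, and checks the result with `openssl verify -verify_ip`. The function names `issue_cert` and `cert_valid_for_ip`, the `intranet.example` domain and the 192.0.2.x addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example; domain, addresses and function names are constructed for illustration.

# issue_cert DIR CN SAN: create an internal CA in DIR and a server cert signed by it.
issue_cert() {
    dir=$1; cn=$2; san=$3
    # Own config, so the result does not depend on the system openssl.cnf.
    cat > "$dir/openssl.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = overridden-by-subj
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
subjectAltName = $san
EOF
    # 1. Self-signed CA certificate: this is the file clients must trust.
    openssl req -x509 -nodes -newkey rsa:2048 -days 3650 -sha256 \
        -config "$dir/openssl.cnf" -extensions v3_ca -subj "/CN=Example Intranet CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # 2. Server key and CSR.
    openssl req -new -nodes -newkey rsa:2048 -config "$dir/openssl.cnf" \
        -subj "/CN=$cn" -keyout "$dir/server.key" -out "$dir/server.csr" \
        2>/dev/null || return 1
    # 3. CA signs the CSR; the SAN comes from the v3_leaf section, not the CSR.
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 365 -sha256 -extfile "$dir/openssl.cnf" \
        -extensions v3_leaf -out "$dir/server.crt" 2>/dev/null
}

# cert_valid_for_ip DIR IP: the chain must verify AND the SAN must list IP.
cert_valid_for_ip() {
    openssl verify -CAfile "$1/ca.crt" -verify_ip "$2" "$1/server.crt" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    issue_cert "$d" '*.intranet.example' 'DNS:*.intranet.example,IP:192.0.2.10' &&
        cert_valid_for_ip "$d" 192.0.2.10 && echo "192.0.2.10: certificate accepted"
    cert_valid_for_ip "$d" 192.0.2.99 || echo "192.0.2.99: not in SAN, rejected"
    rm -rf "$d"
}
demo
```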
