Just remember that a client like a webbrowser connects to a service, such as Apache or Transmission. Most of time, a TLS certificate needs to be installed on all of those services. Note that a certificate like that of Let’s Encrypt isn’t limited to HTTPS, but could also be used to secure other services (like e-mail protocols such as SMTP or IMAP). In that case, the certificate would need to be installed into those services too.
To make things a little bit more difficult, it’s possible to use just one service and let that service internally redirect to different internal services based on some kind of information. For example, you could add
transmission.domain.com into your certificate and make a separate VirtualHost in Apache which would be configured to internally redirect all data to
localhost:9091, your Transmission. In that case, your certificate would only be needed in Apache and not in Transmission, because the webbrowser would connect only to Apache on the standard HTTPS port 443 and Apache would know (because of the separate hostname) to internally pass the data stream through to Transmission.
But if you don’t really need the extra options Apache could offer and you don’t mind typing the port 9091 explicitly in the address bar of your browser, there’s not really any need for that.