I have got the certbot to work on my subdomain.domain.com and it works very well. It redirects HTTP to HTTPS quickly.
However, I am having trouble getting Transmission (torrent app) that is under the same domain with port 9091 to be SSL secured. I thought that the certbot can work on all directories under the secured subdomain.
The main function of certbot is to get a certificate. If you "just" get a certificate, nothing really happens by itself with the services you want to have secured, like your webserver or Transmission.
Now, certbot actually does know how to install the certificate for two webservers, Apache and nginx. But it does not know how to install the certificate into Transmission, so you need to do that manually. Please refer to the Transmission documentation on how to install the certificate issued by certbot into Transmission.
Thank you for your knowledgeable reply. I am new to ssl so your guidance is very helpful indeed. I will consult transmission documentation on how to provide SSL.
Just remember that a client like a webbrowser connects to a service, such as Apache or Transmission. Most of time, a TLS certificate needs to be installed on all of those services. Note that a certificate like that of Let's Encrypt isn't limited to HTTPS, but could also be used to secure other services (like e-mail protocols such as SMTP or IMAP). In that case, the certificate would need to be installed into those services too.
To make things a little bit more difficult, it's possible to use just one service and let that service internally redirect to different internal services based on some kind of information. For example, you could add transmission.domain.com into your certificate and make a separate VirtualHost in Apache which would be configured to internally redirect all data to localhost:9091, your Transmission. In that case, your certificate would only be needed in Apache and not in Transmission, because the webbrowser would connect only to Apache on the standard HTTPS port 443 and Apache would know (because of the separate hostname) to internally pass the data stream through to Transmission.
But if you don't really need the extra options Apache could offer and you don't mind typing the port 9091 explicitly in the address bar of your browser, there's not really any need for that.