Unable to create cert for ttyd

HI im trying to create a cert amd key for ttyd to use ssl but it fails with cant open /dev/fd/64 does any one know how to fix this ?

root@OpenWrt:/tmp# openssl req -newkey rsa:2048 -nodes -keyout server.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=localhost" -out 
server.csr
Generating a RSA private key
................+++++
........................................................................................................+++++
writing new private key to 'server.key'
-----
root@OpenWrt:/tmp# openssl x509 -sha256 -req -extfile <(printf "subjectAltName=DNS:localhost") -days 365 -in server.csr -CA ca.crt
 -CAkey ca.key -CAcreateserial -out server.crt
Can't open /dev/fd/64 for reading, No such file or directory
3069428632:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:69:fopen('/dev/fd/64','r')
3069428632:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:76:
root@OpenWrt:/tmp# 

ok i fixed that error by creating a symbolic link as follows:

ln -s /proc/self/fd /dev/fd

but now i have a new error:

root@OpenWrt:/tmp# openssl x509 -sha256 -req -extfile <(print
f "subjectAltName=DNS:localhost") -days 365 -in server.csr -C
A ca.crt -CAkey ca.key -CAcreateserial -out server.crt
Signature ok
subject=C = CN, ST = GD, L = SZ, O = "Acme, Inc.", CN = localhost
Can't open ca.crt for reading, No such file or directory
3069793176:error:02001002:system library:fopen:No such file or directory:crypto/bio/bss_file.c:69:fopen('ca.crt','r')
3069793176:error:2006D080:BIO routines:BIO_new_file:no such file:crypto/bio/bss_file.c:76:
unable to load certificate

where do i get the ca certificate from to read ?
I have installed the package ca-bundle but there does not seem to be a ca.crt file in the etc/ss/cert directory.

ash shell doesn't support process substitution. So, instead of the construction <(command) — that in bash is like a file — in ash the easiest solution is to create a file with the content. So, the simplest way would be:

# Create CA key and certificate. Import ca.crt as root certificate to the computers accessing the router and save ca.key for future use.
[ -e "./ca.key" ] || openssl genrsa -out ca.key 2048
[ -e "./ca.crt" ] || openssl req -new -x509 -days 7300 -key ca.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=Acme Root CA" -out ca.crt

# Create server key and certificate. use server.key and server.crt as valid files for uhttpd, ttyd, etc.
[ -e "./server.key" ] || openssl req -newkey rsa:2048 -nodes -keyout server.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=localhost" -out server.csr
echo "subjectAltName=IP:192.168.1.1,DNS:Openwrt.lan,DNS:myserver.myddns.org,DNS:www.myserver.myddns.org" > /tmp/subjectAltName.txt
openssl x509 -sha256 -req -extfile /tmp/subjectAltName.txt -days 825 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt

Obviously, change the DNS entries with your own internal/external, and IPs you use to access the router.