By default, Resilio Sync uses a self-signed certificate (there is no need to generate a new one), which causes the browser to show a warning. Several workarounds are described here: https://help.resilio.com/hc/en-us/articles/4404757430291-Browser-warning-Your-connection-is-not-private-
So there is not much sense in generating a new self-signed certificate.
When one acquires a certificate from a CA to protect access to Sync's WebUI, one should also specify the path to the private key ("ssl_private_key"): https://help.resilio.com/hc/en-us/articles/206178884-Running-Sync-in-configuration-mode
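A pre-flight check for the point above, as an added example that is not Resilio's code or part of the original answer: it confirms that the `webui` section names both the certificate and the private key, that the key file is not readable by other accounts, and that the two files load as a matching pair. It assumes the configuration has already been parsed into a dict (comments stripped); the file paths and the `check_webui_tls` name are constructed for illustration.

```python
import json
import os
import ssl
import stat


def check_webui_tls(config):
    """Return a list of problems with the webui TLS settings; empty means OK."""
    webui = config.get("webui", {})
    paths = {k: webui.get(k) for k in ("ssl_certificate", "ssl_private_key")}
    problems = [f"{k} is not set" for k, v in paths.items() if not v]
    if problems:
        return problems
    problems = [f"{k}: {v} is not a file" for k, v in paths.items()
                if not os.path.isfile(v)]
    if problems:
        return problems
    cert, key = paths["ssl_certificate"], paths["ssl_private_key"]
    # The private key should be readable by the Sync service account only.
    if stat.S_IMODE(os.stat(key).st_mode) & 0o077:
        problems.append(f"ssl_private_key: {key} is accessible to group/others")
    # load_cert_chain() fails if either file is not valid PEM or if the
    # private key does not belong to the certificate.
    try:
        ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(cert, key)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        problems.append(f"certificate and key do not load as a pair: {exc}")
    return problems


# Constructed sample: a config that sets the certificate but not the key.
SAMPLE_CONFIG = json.loads("""
{
  "webui": {
    "listen": "127.0.0.1:8888",
    "ssl_certificate": "/etc/resilio/webui-cert.pem"
  }
}
""")

if __name__ == "__main__":
    for problem in check_webui_tls(SAMPLE_CONFIG):
        print("problem:", problem)
```

The permission check uses POSIX mode bits, so it is meaningful on Linux and macOS hosts rather than on Windows.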