openssl genrsa 2048 > foo.key
openssl req -new -key ./foo.key > foo.csr
openssl x509 -req -in foo.csr -out foo.crt -signkey ./2048.key -days 365
-req tells openssl that this is a certificate request that should sign and output
There are many different ways to generate keys. Here is another way.
DigitalOcean accomplished the same tasks but in two commands instead.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout foo.key -out foo.crt
openssl req -new -key foo.key -nodes -days 365 -out foo.csr