"Terminated" means something that's using the certificate to encrypt connections. You got the certificate but doesn't sound like anything is actually using it.
You can give it to Jellyfin so it can start encrypting the HTTPS port. The downside is that you'll be stuck using your pretty domain for just Jellyfin, for now.
If you decide to use it for more services later you can install a reverse proxy, get a wildcard certificate for *.pretty.domain, start creating subdomains as CNAMEs to the FreeDNS (eg. jellyfin.pretty.domain) and defining them in the reverse proxy.
The reverse proxy will be handling the forwarded port and terminate the encryption for all subdomains, and will hand-off the unencrypted connection privately to the relevant app based on which domain the visitor is using (and issuing 404 not found it they use a domain you haven't defined).