I assume you mean SSL/TLS certificates for internet accessable applications? I use a reverse proxy called Caddy in a Docker container, which handles requests from the internet and directs them to the proper docker container based on the subdomain. It also handles my certificates automatically, requesting a new Let’sEncrypt cert just before the old one expires using a community made plugin.
You may be able to use the CLI tool mmv, which can be installed through the apt package manager. It’s great at renaming files that are starting a similar naming convention and ending with a similar naming convention, you could use mmv to move your files. It also suppose sum links and hardlinks. It’s what I used to rename folders of tv shows when I need to do that.
Containers like Docker/Podman? I only use that for selfhosted services on my servers. I can’t speak to Docker/Podman applications used on desktop.
If you want to include more universal package methods such ad Snap, Flatpak, and AppImage, I use Flatpak installations for things I want to sandbox that don’t have a focus on Linux Development. These are applications like Discord and Spotify. I’ll also install applications through Flatpak that aren’t available through my package manager, after checking that the Flatpak is maintained by the developer. An example of that which I use is Czkawka which finds and offers solutions for duplicate and similar files.
The way I used Flatpak, I haven’t run into any show stopping issues although I do know using Flatpak for CLI applications can be difficult and annoying. I believe Flatpak CLI apps need to be run by using the full Flatpak package name instead of just the executable name.
If you’re open to things similar to Plex, I’d recommend Jellyfin! Plex has been making some decisions lately that aren’t necessarily selfhoster friendly. A selfhosted instance of Plex still authenticates using Plex’s central servers (if you’re internet is out or Plex is down and you want to stream your own movies or shows, that won’t work due to failed authentication). That’s compared to your Jellyfin instance handling authentication locally. If you can contact your server, you can watch your media. Plex has also announced a credit skipping feature, uploading credit timing to their central servers that can be restored on complete rebuild. While they say it’s anonymous, they need some way to associate you and the proper credit timings, to send that back to you.
Jellyfin is earlier days in development, and you should check to see what clients are available to see if that would work with your hardware. But Jellyfin is definitely catching up, I’ve been very happy with their server and applications.
I like Czkawka for detecting and handling duplicate files, similar files, empty directories, and more.