For proper SSTP, a valid HTTPS certificate is needed. It's possible to obtain a certificate for xxxx.softether.net only if port 443 is open. There is the ability to register a certificate without exposing port 443, just via DNS records:
https://community.letsencrypt.org/t/dns-based-challange-for-verification-of-letsencrypt-ssl-certs/28561/6
So the SoftEther DynDns implementation needs to be modified.
I think you are confused, as the Let's Encrypt HTTP challenge requires you to listen on port 80, not 443. Put up a web server such as NGINX; it won't interfere with SSTP on 443, and let certbot put its challenges there with the webroot method. It will work like a charm.
Furthermore, if you want to automatically renew your SoftEther VPN SSTP certificate, you can automate it via CRON and the vpncmd client, though you will have to expose your server password in a file, which is dangerous. More information here (sorry, Spanish only)
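As an added example (not part of the original reply or of SoftEther's own code), the renewal step described above can run as a certbot deploy hook that refuses to proceed when the password file is readable by other users. The admin address `localhost:5555`, the path `/etc/softether/admin.pass` and the function names are assumptions.

```shell
#!/bin/sh
# Added example: certbot deploy hook that loads a renewed certificate into
# SoftEther through vpncmd. Assumptions (not from the thread): vpncmd is on
# PATH, the admin listener is localhost:5555, and the server password is
# stored in /etc/softether/admin.pass.
VPN_HOST="${VPN_HOST:-localhost:5555}"
PASS_FILE="${PASS_FILE:-/etc/softether/admin.pass}"

# Succeeds only for a regular, non-symlink file with no group/other mode bits.
secret_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Succeeds only if the certbot lineage directory holds a non-empty cert and key.
lineage_is_complete() {
    [ -s "$1/cert.pem" ] && [ -s "$1/privkey.pem" ]
}

# Returns 2 if the password file is unsafe, 3 if the lineage is incomplete,
# otherwise the exit status of vpncmd.
deploy_cert() {
    lineage="$1"
    secret_is_private "$PASS_FILE" || {
        echo "refusing: $PASS_FILE is missing or readable by others" >&2
        return 2
    }
    lineage_is_complete "$lineage" || {
        echo "refusing: no certificate/key pair in $lineage" >&2
        return 3
    }
    # The password is passed as an argument, so it is visible in the process
    # list to local users while vpncmd runs.
    vpncmd "$VPN_HOST" /SERVER /PASSWORD:"$(cat "$PASS_FILE")" \
        /CMD ServerCertSet \
        /LOADCERT:"$lineage/cert.pem" /LOADKEY:"$lineage/privkey.pem"
}

# certbot exports RENEWED_LINEAGE to deploy hooks after a successful renewal.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_cert "$RENEWED_LINEAGE"
fi
```

Registered with `certbot renew --deploy-hook /path/to/this-script`, it runs only when a certificate was actually renewed, so the cron entry itself never touches the password.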
The question is answered. Can we close the issue?
Or maybe you are going to do some PR?
Looks like SoftEther isn't well-integrated with Let's Encrypt at the moment, which could be a nice feature for those VPNs which require a valid cert (say, SSTP).
The reply above mentions nginx, certbot, cron and vpncmd in one combination, which is four pieces of software too many for managing such a routine task as getting a required cert from a de-facto standard provider for running SoftEther primary features.
It feels like SoftEther could listen on 80 and do the full trick on its own, every two months. I mean, it's already a great Swiss Army knife with many servers inside, would be nice to enable cert handling with just setting a few more options.