Hello @jebraat the public URL can’t provide wss we only provide http on 443, 80 and 8080 ports.
Answering about where to install the certificates, you need to create the volume on the container where you are going to use the certificate or just use the /app folder if i’m not wrong.
More questions! Is the device who is trying to access to your broker connected on the same network? if so, can you use the local address? if you want to use the edge device as your global MQTT/wss broker probably you will need to add extra-containers.
I found this forums message that maybe can help you → Public URL and Socket.io
Finally, let me share here a project that is using wss service with letsencrypt digital certificates. You can find it here → basicstation/runner at master · xoseperez/basicstation · GitHub and here copying the cacert.pem on the app directory → basicstation/start.sh at fe59373667060da3f86c5757545362d74160aafe · xoseperez/basicstation · GitHub
Let me know if this can help!