Obtaining valid certificates for s2s connections in ejabberd - PullRequest
0 votes
/ 13 April 2020

I have two different ejabberd nodes (let's call them node1 and node2), each on a separate host with its own domain. I want to set up an s2s connection between them. c2s works fine on each of them, but a chat between a user on node1 and a user on node2 produces errors because of self-signed certificates. See the output below:

Eshell V10.3.4  (abort with ^G)
(ejabberd@localhost)1> 13:08:22.843 [notice] Changed loghwm of /home/antonio/ejabberd-20.03/logs/error.log to 100
13:08:22.843 [notice] Changed loghwm of /home/antonio/ejabberd-20.03/logs/ejabberd.log to 100
13:08:22.932 [info] Loading configuration from /home/antonio/ejabberd-20.03/conf/ejabberd.yml
13:08:22.952 [warning] ACME directory URL https://acme-v01.api.letsencrypt.org defined in option acme->ca_url is deprecated and was automatically replaced with https://acme-v02.api.letsencrypt.org/directory. Please adjust your configuration file accordingly. Hint: run `ejabberdctl dump-config` command to view current configuration as it is seen by ejabberd.
13:08:22.952 [warning] Option 'log_rotate_date' is deprecated and has no effect anymore. Please remove it from the configuration.
13:08:22.952 [warning] Option 'log_rate_limit' is deprecated and has no effect anymore. Please remove it from the configuration.
13:08:23.163 [info] Configuration loaded successfully
13:08:23.364 [info] Loading modules for gamizdelgado.hopto.org
13:08:23.377 [warning] Mnesia backend for mod_mam is not recommended: it's limited to 2GB and often gets corrupted when reaching this limit. SQL backend is recommended. Namely, for small servers SQLite is a preferred choice because it's very easy to configure.
13:08:23.516 [info] Building MQTT cache for gamizdelgado.hopto.org, this may take a while
13:08:23.551 [info] Waiting for Mnesia synchronization to complete
13:08:23.592 [warning] Invalid certificate in /home/antonio/ejabberd-20.03/conf/server.pem: at line 53: self-signed certificate
13:08:23.710 [warning] No certificate found matching gamizdelgado.hopto.org
13:08:23.710 [warning] No certificate found matching conference.gamizdelgado.hopto.org
13:08:23.710 [warning] No certificate found matching proxy.gamizdelgado.hopto.org
13:08:23.710 [warning] No certificate found matching upload.gamizdelgado.hopto.org
13:08:23.710 [warning] No certificate found matching pubsub.gamizdelgado.hopto.org
13:08:23.710 [info] ejabberd 20.03 is started in the node ejabberd@localhost in 1.00s
13:08:23.710 [warning] No HTTP listeners for ACME challenges are configured, automatic certificate requests are aborted. Hint: configure the listener and restart/reload ejabberd. Or set acme->auto option to `false` to suppress this warning.
13:08:23.710 [info] Start accepting TCP connections at [::]:1883 for mod_mqtt
13:08:23.710 [info] Start accepting TCP connections at 127.0.1.1:7777 for mod_proxy65_stream
13:08:23.710 [info] Start accepting TCP connections at [::]:5222 for ejabberd_c2s
13:08:23.710 [info] Start accepting TCP connections at [::]:5269 for ejabberd_s2s_in
13:08:23.710 [info] Start accepting TLS connections at [::]:5443 for ejabberd_http
13:08:23.710 [info] Start accepting TCP connections at [::]:5280 for ejabberd_http
13:08:26.320 [info] (<0.550.0>) Accepted connection [::ffff:46.222.174.250]:62362 -> [::ffff:192.168.0.240]:5222
13:08:27.397 [info] (tls|<0.550.0>) Accepted c2s SCRAM-SHA-1 authentication for josemi@gamizdelgado.hopto.org by mnesia backend from ::ffff:46.222.174.250
13:08:27.633 [info] Cannot resume session for josemi@gamizdelgado.hopto.org: Previous session not found
13:08:27.736 [info] (tls|<0.550.0>) Opened c2s session for josemi@gamizdelgado.hopto.org/XMPPJabberClient.1b_b
13:08:43.914 [info] Outbound s2s connection started: gamizdelgado.hopto.org -> ruizsanchez.hopto.org
13:08:45.427 [warning] Failed to establish outbound s2s connection gamizdelgado.hopto.org -> ruizsanchez.hopto.org: Peer certificate rejected: self signed certificate; bouncing for 69 second

I tried the configuration described here: https://docs.ejabberd.im/admin/configuration/basic/#acme, but I have one problem: I cannot forward port 80. Both ejabberd servers run behind a domestic router, so I cannot change that port.

I also tried generating certificates with openssl, but without success. Any idea how to configure s2s correctly in this case?
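A pre-flight check for the certificate file, added here as an example (it is not part of the question or of ejabberd): it reproduces the two complaints in the log above, "self-signed certificate" and "No certificate found matching <domain>", against a PEM file before the server is restarted. It assumes the openssl command-line tool is installed; the domain in the usage comment is the one from the log.

```shell
#!/bin/sh
# Added example, not code from the question or from ejabberd. Checks the first
# certificate in a PEM file for the three things the s2s failure above hinges
# on: is it self-signed (issuer == subject, which the remote peer rejects), does
# it name the XMPP domain in its Subject Alternative Names (how ejabberd matches
# a certificate to a domain), and does it chain to a CA in the system trust
# store. Assumes the openssl command-line tool is installed.

# Print "self-signed" or "ca-signed" for the first certificate in $1.
cert_signer_kind() {
    subject=$(openssl x509 -in "$1" -noout -subject 2>/dev/null) || return 2
    issuer=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null) || return 2
    # Drop the "subject="/"issuer=" prefixes so the two DNs are comparable.
    if [ "${subject#subject=}" = "${issuer#issuer=}" ]; then
        echo self-signed
    else
        echo ca-signed
    fi
}

# Exit 0 if the certificate in $1 lists domain $2 as a SAN, either exactly or
# via a wildcard for its parent (so *.example.org covers conference.example.org).
cert_names_domain() {
    domain="$2"
    parent="${domain#*.}"
    sans=$(openssl x509 -in "$1" -noout -text 2>/dev/null \
        | grep -A1 'Subject Alternative Name' | grep -o 'DNS:[^,]*' \
        | sed 's/^DNS://; s/[[:space:]]*$//')
    for name in $sans; do
        [ "$name" = "$domain" ] && return 0
        [ "$name" = "*.$parent" ] && return 0
    done
    return 1
}

# Exit 0 if openssl can build a trusted chain for the first certificate in $1
# from the system CA store; a self-signed certificate fails here for the same
# reason the s2s peer gives in the log.
cert_chains_to_trusted_ca() {
    openssl verify "$1" 2>&1 | grep -q ': OK$'
}

# Usage: sh check_cert.sh conf/server.pem gamizdelgado.hopto.org
if [ $# -eq 2 ]; then
    echo "signer: $(cert_signer_kind "$1")"
    cert_names_domain "$1" "$2" && echo "names $2: yes" || echo "names $2: no"
    cert_chains_to_trusted_ca "$1" && echo "trusted chain: yes" || echo "trusted chain: no"
fi
```

Run it once per virtual host listed in the log (the main domain and the conference/proxy/upload/pubsub subdomains) to see which names the certificate actually covers.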
