Unable to get https certificate for openhab2

That may simplify things a lot.
Please show:
`certbot certificates`

1 Like

This will have to change to the name on the LE cert.
So you need to consider how you will manage your DNS resolution.
The name will have an Internet IP, but that may not match the real IP inside your network.

[EDIT]
Disregard. I see that you are using global DNS to show your private IP.
Split DNS could allow for both sides to co-exist - should you need to access it from both sides.

1 Like
1 Like

Sorry for the late reply,

```
sudo certbot certificates 
[sudo] password for ananth: 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Renewal configuration file /etc/letsencrypt/renewal/veplopenhab.ga.conf produced an unexpected error: renewal config file {} is missing a required file reference. Skipping.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: veplopenhab.ga-0001
    Domains: veplopenhab.ga
    Expiry Date: 2019-03-14 04:22:18+00:00 (VALID: 85 days)
    Certificate Path: /etc/letsencrypt/live/veplopenhab.ga-0001/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/veplopenhab.ga-0001/privkey.pem

The following renewal configuration files were invalid:
  /etc/letsencrypt/renewal/veplopenhab.ga.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
```

1 Like

This is a good cert (valid 85 more days).

[quote="_DJ, post:64, topic:79977"]
Certificate Name: veplopenhab.ga-0001
Domains: veplopenhab.ga
Expiry Date: 2019-03-14 04:22:18+00:00 (VALID: 85 days)
Certificate Path: /etc/letsencrypt/live/veplopenhab.ga-0001/fullchain.pem
Private Key Path: /etc/letsencrypt/live/veplopenhab.ga-0001/privkey.pem
[/quote]

You can use this information to configure into OpenHAB directly:
Certificate Path:
/etc/letsencrypt/live/veplopenhab.ga-0001/fullchain.pem
Private Key Path:
/etc/letsencrypt/live/veplopenhab.ga-0001/privkey.pem

And it should update automatically when you renew using certbot.

You should then be able to access via:
https://veplopenhab.ga:8443/

1 Like

I don't know how to link this certificate to my openhab.
I need to solve this issue with the certificate which I got from Let's Encrypt.

1 Like

That is an openhab question.

In the meantime, if you like, I can help you use nginx to proxy to it (via another unused port)
Anything like:
https://veplopenhab.ga/
https://veplopenhab.ga:1234/
https://veplopenhab.ga:9999/

I found this doc online: Securing Communication and Access | openHAB

1 Like

For secure connection accessing openhab, I need to use 8443 only. All settings are based on 8443 only, because cloud settings are based on 8443 (I think so).

I thought with this certificate, I can solve the “Not secure” error appearing in the browser.
Please correct me if I am wrong.

1 Like

Please explain

I am suggesting that OpenHAB remains on port 8443
But you put a proxy in the path at another unused port (like 8000)
You get to https://xxxxxx:8000/ but that connects you to https://xxxxxxx:8443.

Yes it can do that - in several ways:
#1 get OpenHAB to use it directly (not sure how that can be done)
#2 put OpenHAB behind a secure proxy (that is easy)
The certificate goes on the proxy.
You access the proxy "securely"
The proxy connects you to OpenHAB "securely".

1 Like
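The proxy arrangement described in the post above, written out as an nginx server block. This is an added example, not a configuration posted by anyone in the thread; it assumes nginx and OpenHAB run on the same host, that OpenHAB answers on 127.0.0.1:8443 with its own untrusted certificate, and that port 8000 is free.

```nginx
# Added example; place inside the http {} context, e.g. as a file under /etc/nginx/conf.d/.
server {
    # Clients connect here; the Let's Encrypt certificate is presented on this port.
    listen 8000 ssl;
    server_name veplopenhab.ga;

    # Paths taken from the `certbot certificates` output shown in this thread.
    ssl_certificate     /etc/letsencrypt/live/veplopenhab.ga-0001/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/veplopenhab.ga-0001/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # OpenHAB stays on 8443 (assumed reachable on loopback).
        # nginx does not verify the upstream certificate by default
        # (proxy_ssl_verify off), so OpenHAB's own certificate is accepted here.
        proxy_pass https://127.0.0.1:8443;

        # Pass the original request details through to OpenHAB.
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

nginx reads the certificate files at start or reload, so a renewed certificate is only served after a reload, for example by running `certbot renew --deploy-hook "systemctl reload nginx"`.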

The one catch is you can’t use the same port on the same IP for two different services.
That is, nginx and OpenHAB can’t both run on 8443.
But they can be on the same IP - just on different ports.
Or if the system had a secondary IP…
Then
OpenHAB could be at: IP1:8443
NGINX could be at: IP2:8443
But I don’t see how/why the actual port is an issue.
Of course I don’t know who your clients are nor how they connect to OpenHAB.
Maybe they are expecting to always see port 8443 - I don’t know.
Please let me know which method seems best to you.

If you only have the one IP and your clients must use 8443…
Then you have only three options:
#1 Move OpenHAB to another port and use 8443 for nginx proxy
#2 Get OpenHAB to use the cert directly (without a proxy)
#3 Use a separate system as the proxy - so that other IP:8443 proxies to OpenHAB-IP:8443.

1 Like

Unfortunately, we are not here to provide network/security design.
We are only here to ensure you can get a cert and setup automatic renewals.

And you seem to have already figured how to get the cert.
And you probably have a plan on how to renew it in 90 days.

So anything else is beyond our requirement.
I would like to help you completely but you need to understand just how much help you should expect from this forum.

1 Like

The nginx proxy_pass directive, which you suggested using elsewhere in this thread, could potentially dispatch on the SNI hostname that the user's browser used in connecting to the service; in this case it would appear to end users that the services were running on the same port, even though in reality only nginx was running on that port.

1 Like

I am not using Nginx. So I can kill that and will allocate to openhab. Is it OK?

1 Like

Even if you only used nginx to get the cert, you may need it when it comes time to renew the cert (in a few months). So I don’t think removing nginx is of any real benefit.

Using the cert directly in OpenHAB is the ideal first choice.
If you can do that, you may then also be able to use OpenHAB when the time comes to renew the cert (possibly by using the --webroot method); in this case, yes, you would have no need for nginx.
(I just don’t see online any way to do these things in OpenHAB)

1 Like

Ok…Please provide me the steps to do…

1 Like

I’m really sorry, but:
I don’t use OpenHAB.
I don’t work for that company.
I don’t know how to do that.
But it would seem to be possible.
Maybe they have a forum?

Or I am misunderstanding your question?
If so, please clarify the question for me.

1 Like

You said that by using a proxy, I can get a certificate for port 8443.
Please provide me the steps for this.

1 Like

Can we use this file for the proxy?

1 Like

Ok… We can use that file.

1 Like

Show how it looks now
While I piece together all that you will need in it.

1 Like