Let's Encrypt currently can indeed only issue certificates for hostnames, so yes, those are fine steps to take.
I think you're missing a verb here. I assume you wanted to say something like "Then get a certificate (…)" or something? Have you thought about which client you're going to use?
I have no idea what stunnel is doing here. Do note: daily there are multiple new threads and I don't think people are enclined to read the "LINK-of_post" thread in the beginning of your post before they are going to try to help you. In my opinion, it's your job (if you want our help) to lay all the facts out here as clearly as you can for us to understand the problem(s). So, again, no idea and as such, no advice about the stunnel step.
Always a good idea
Isn't Centova running on those servers? Again, please lay out all the facts/configuration/et cetera as clearly as you can. So Centova is running somewhere else?
As there are multiple steps with open questions which probably aren't even about a TLS certificate/Let's Encrypt, I have no clue. Perhaps you need less steps. Perhaps you need 10 more.
Please either condense your questions/steps to only the TLS certificate/Let's Encrypt part or (which I don't prefer) explain a lot more.
let me describe in more details…apologies if it was not clear and referring to other links.
As recently google chrome is blocking non secure sources of streaming in secure website, my end mission is to have a secure source of my shoutcast streams in order to add into music player in my website. With that said, as I know centovacast(shoutcast) dont have a native SSL approach for the streams, i have to implement some sort of proxy or reverse-proxy for it. The idea of the Stunnel is to create a secure output per port of the streams (so, instead of http://IP:port to https://ip:port ).
As i never assigned a domain to my IPs, the initial steps i showed was to first have a domain referring to the IPs. After that, i need to assign a certificate for each of the domains and then, I assume, configure the stunnel.
for the context my setup is the following:
website running on heroku with a certificate from letsencrypt
2 servers for shoutcast running godaddy - which im trying to make this source secure.
Let me know if there are doubts of the overall process that im trying to achieve.
The overall process as I understand is to get 2 Let's Encrypt certificates and use them to set up two stunnel processes to have HTTPS streams. Sounds good.
Using Let’s Encrypt certificates in combination with stunnel to provide a TLS endpoint for a service which doesn’t provide TLS capabilities on its own seems to be a correct process, yes.
If you’d like to know more or get other advice, I’d suggest asking specific questions.
