Need help with certificates and connecting to ACI with IOT Edge PLC
I posted the question here on github
I am trying to get the IOT-Edge-Opc-PLC working in ACI (Azure Container Instances), but I am unable to get it running and connected (using OPC UA subscriptions), potentially because I don't know how to set up all the certificates.
Here is the github issue
Minimal steps to reproduce
Click the "Deploy to Azure" button from the readme.
Any log messages given by the failure
On the OPC Client software
Error establishing a connection: BadNotConnected
I'm getting lots of traffic on the OPC server, potentially bots, but when connected to the logs from the Azure portal, here are some related messages from the OPC server:
[17:59:51 ERR] OPC: TCPSERVERCHANNEL ForceChannelFault Socket=027CB571, ChannelId=0, TokenId=0, Reason=BadConnectionClosed 'Remote side closed connection'
[17:59:51 ERR] OPC: 06/16/2022 17:59:51.575 TCPSERVERCHANNEL ForceChannelFault Socket=027CB571, ChannelId=0, TokenId=0, Reason=BadConnectionClosed 'Remote side closed connection'
[17:59:51 ERR] OPC: TCPSERVERCHANNEL ForceChannelFault Socket=03FE6417, ChannelId=0, TokenId=0, Reason=BadConnectionClosed 'Remote side closed connection'
[17:59:51 ERR] OPC: 06/16/2022 17:59:51.780 TCPSERVERCHANNEL ForceChannelFault Socket=03FE6417, ChannelId=0, TokenId=0, Reason=BadConnectionClosed 'Remote side closed connection'
Expected/desired behavior
That I can connect to the OPC Server
OS and Version?
Running
cat /etc/issue
on the console of the ACI returns
Debian GNU/Linux 11 \n \l
The OPC UA client is running on my Windows 10 machine.
Versions
The ACI logs show:
OpcPlc V2.3.0 starting up ...
Mention any other details that might be useful
I tried my best to find documentation in the readme about how to run this Docker image as an ACI and manage the certificates, but was not able to find any. I apologize if it's in an obvious place, but I could not find it.
As per the directions in the readme, after you run "Deploy to Azure" you should be able to connect using
opc.tcp://<NAME>.<REGION>.azurecontainer.io:50000
Looking at the container logs, I also tried the following, since they said "Starting server on endpoint <endpoint-below> ...":
opc.tcp://aci-<NAME>-<RNG>-plc1.<REGION>.azurecontainer.io:50000
Neither worked.
I believe the issue is that I need the certificate (DER file) from the ACI / OPC UA server on my client machine so I can connect, but I do not know how to get it. Here is some of the log at the end when the certificates are created:
[17:54:05 INF] Application store contains 1 certs
[17:54:05 INF] 01: Subject 'CN=OpcPlc' (thumbprint: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx)
[17:54:05 INF] Trusted issuer store contains 0 certs
[17:54:05 INF] Trusted issuer store has 0 CRLs.
[17:54:05 INF] Trusted peer store contains 0 certs
[17:54:05 INF] Trusted peer store has 0 CRLs.
Looking at the logs, I see there are several entries where it's creating the certificates on the container instance, but that doesn't seem to be a good idea. Also, do I need to copy my OPC UA client certificates to the server as well? I haven't gotten to that phase yet, but that might be something that is needed.
I figure I can't connect because I don't have certificates on my OPC UA client machine, and perhaps I need to get certificates onto the OPC UA server eventually, but how to do any of that with ACI is not clear.
Can I configure the ACI with where to get the certificates? Are there other ways?