Websockets usually just work over a http router and service. Are you sure your IP and port (internal/external) are correct?
You can simplify your config, passHostHeader: true is default (doc), so can be removed. And you can assign the certresolver one time globally via entrypoint (doc).