Had this before and added this to the test-env. notes:
When using a test environment, so probably a self-signed certificate, you need to get trust for the cert in your browser. Load the page https://yoururl.com:29876 and accept the security risk (especially Firefox); afterwards, encrypted VNC traffic over the websocket is properly handled and encrypted. A “real” certificate does not need this workaround.
Using TCP port 443 and finding a self-signed, non-accepted certificate, it will trigger the “create exception” option in a browser. But for secure VNC traffic, using TCP port 29876, it doesn't, so you need to do that manually once, and then it will work as expected (and secure).
EDIT: because you posted your VNC settings, I assumed you mean encrypted VNC traffic, right?
Accessing Sunstone itself (so not just VNC) is best done using a proxy, like Apache or Nginx. See this topic for configurations: VNC with Sunstone behind Nginx Proxy