If you are **not using the standard `5269` port**, you must also add a SRV record for `_xmpp-server._tcp.your_instance.tld.` (same as above, just without the `room.` prefix).Of course, you can also add this record if you use the standard port. It will also work.
It is possible to use certificates validated by a certification authority.However, this requires advanced system administration knowledge.Indeed, due to the multitude of possible use cases, it is impossible to document all situations here.This documentation will therefore only explain the goal to be reached, and give an example which will only be suitable for a "basic" situation (manual installation of Peertube, using letsencrypt).If you are in another situation (Docker installation, certificates signed by another authority, etc...), you will have to adapt this approach by yourself.
It is up to you to generate valid certificates for domains `your_instance.tld` and `room.your_instance.tld`.You can use any [method supported by Prosody](https://prosody.im/doc/certificates).
You must then place these certificates in a folder that will be accessible to the `peertube` user, and specify this folder in the plugin setting "Certificate folder".