Is there a way to run counterparty-server so that it accepts SSL connections?

No and yes.

The current code does not allow that because the developers believe it can be done cleaner, safer and easier elsewhere.

However you can use a round-about way to accomplish that. For example, with stunnel you could:

  • Leave counterpartyd to run on port 4000 (14000 for testnet)
  • Open the firewall and configure stunnel to accept connections at port 443
  • In stunnel.conf route incoming stunnel traffic from TCP/443 on Public IP to TCP/4000 (14000 for testnet) on the loopback interface and route outgoing traffic in the opposite direction

stud is a another package with similar functionality.

If you have account on the system which runs counterparty-server you could also use OpenVPN or SSH tunneling to accomplish the same (although that wouldn’t scale for production use).