By default, during the installation a self-signed certificate is created. This should be good enough to get you started.

You can set the path to the key and certificate in the admin console, if you already have them.

If you don't have the certificate, you can request a free, valid, and hassle-free certificate from Let's Encrypt, turning on the option in the admin console.

Once enabled, the LE certificates will be checked by the amusewiki daemon once a day, and renewed automatically if needed (a month before the expiration). The problem is that you still have to reload the webserver for the new certificates to pick up. If the logger is sending you mail, you should see the warning.

Anyway, the debian package installs a cronjob in /etc/cron.daily to reload nginx once a day to avoid the need to login and reload manually. You should do the same. See debian/amusewiki.cron.daily

Procedure to create a site with SSL certificates using Let's Encrypt:

First, login in the admin and create the site.

Reload the webserver as per instructions.

  # this will print out the instruction to update the webserver conf
  script/amusewiki-generate-nginx-conf

  # update the nginx config as per instructions given by the above command.

  # this will fetch the certificates
  script/amusewiki-letsencrypt

  # Refresh the configuration to actually use the certificates.
  script/amusewiki-generate-nginx-conf