By default, during the installation a self-signed certificate is created. This should be good enough to get you started.

You can set the path to the key and certificate in the admin console, if you already have them.

If you don't have the certificate, you can request a free, valid, and hassle-free certificate from Let's Encrypt, turning on the option in the admin console.

Once enabled, the LE certificates will be checked by the amusewiki daemon once a day, and renewed automatically if needed (a month before the expiration). The problem is that you still have to reload the webserver for the new certificates to pick up. If the logger is sending you mail, you should see the warning.

Anyway, the debian package installs a cronjob in /etc/cron.daily to reload nginx once a day to avoid the need to login and reload manually. You should do the same. See debian/amusewiki.cron.daily

Procedure to create a site with SSL certificates using Let's Encrypt:

First, login in the admin and create the site.

Edit the site and check the Let's Encrypt option on.

Reload the webserver as per instructions.

  # this will print out the instruction to update the webserver conf
  script/amusewiki-generate-nginx-conf

  # update the nginx config as per instructions given by the above command.

  # this will fetch the certificates
  script/amusewiki-letsencrypt

  # Refresh the configuration to actually use the certificates.
  script/amusewiki-generate-nginx-conf

If you installed amusewiki with a Debian package, the commands executed by root are:

# amusewiki generate-nginx-conf
# amusewiki letsencrypt
# amusewiki generate-nginx-conf

(Same thing as above, but using the amusewiki executable, which is the correct thing to do on Debian).