For reading this wiki, I'm fine to use unencrypted HTTP, however for logging in and editing pages, it seems better to use HTTPS. For making this change, I've done the following:
For security, I use security groups in AWS. To prevent issues with the next steps, an entry was added to allow incoming traffic on port 443.
The site https://letsencrypt.org provides the files, installed with:
ubuntu@ip-172-31-43-26:~$ sudo snap install --classic certbot certbot 1.11.0 from Certbot Project (certbot-eff✓) installed
After reading and aggreeing to the subscriber agreement, the script had errors with my NGinX config:
Account registered. No names were found in your configuration files. Please enter in your domain
This did setup the certs in the proper directory despite the error.
These are described on NGinX in Front of Pier, specifically:
server_tokens
should help with security