alejandro-colomar/​ ssl




Authentication

This web server is served via HTTP and HTTPS.

For HTTPS, this server uses a self-signed X.509 certificate. I provide a detached signature, performed with my PGP key, to authenticate the certificate.

You may wonder why I didn't get a free certificate from a well-known CA. Let me lay out my arguments.

I believe that trusting a third party to authenticate myself is insecure and nonsensical. I authenticate myself everywhere using my PGP key, including my Git activity (commits, tags, ...), released tarballs (e.g., Linux man-pages releases), and emails (my mail to mailing lists is nearly always signed, with few exceptions). To connect that ID with my server, the obvious way is to use the same key.

But there are more flaws in using a CA to authenticate my server. Using a self-signed cert, no one can impersonate me, as no one can forge a cert that would be signed with my key (unless someone buys a $5 wrench and asks me to do so). On the other hand, relying on a CA, you are implicitly trusting that the CA will not be hacked, and that some government will not ask the CA to provide a valid cert. The former has happened, and will likely happen again. The latter has happened, and will definitely happen again. By not having a CA, that whole attack vector is removed. (No one has come to me with a $5 wrench yet; statistics are on my side; and that attack is still possible using a CA.)

It has one minor inconvenience: your browser will complain about my site. That's a feature, not a bug. Your browser is reminding you that you should decide if you trust me, which you can state by installing my certificate in your system.
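Added example, not the site author's code: once a copy of the certificate has been checked against the detached signature with `gpg --verify`, a client can pin that exact certificate and compare it with what the server presents, instead of relying on CA validation. The function names and the sample bytes are assumptions made for this illustration; the sample is constructed and is not a real certificate.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed sample: arbitrary bytes standing in for a DER certificate,
# wrapped in PEM armor. Not a real certificate.
SAMPLE_DER = b"constructed sample bytes, not a real certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER encoding, the form browsers show as the fingerprint."""
    return hashlib.sha256(der).hexdigest()


def pem_fingerprint(pem: str) -> str:
    """Fingerprint of a PEM certificate (assumed already verified with PGP)."""
    return fingerprint(ssl.PEM_cert_to_DER_cert(pem))


def matches_pin(presented_der: bytes, trusted_pem: str) -> bool:
    """True only if the server presented exactly the PGP-verified certificate."""
    return hmac.compare_digest(fingerprint(presented_der),
                               pem_fingerprint(trusted_pem))


def fetch_presented_cert(host: str, port: int = 443,
                         timeout: float = 10.0) -> bytes:
    """Return the DER certificate the server presents during the handshake.

    CA validation is switched off because it cannot succeed for a
    self-signed certificate; the pin comparison takes its place, so send
    nothing sensitive over a connection until matches_pin() has passed.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    # Offline demonstration with the constructed sample.
    print("pin:", pem_fingerprint(SAMPLE_PEM))
    print("same cert accepted:", matches_pin(SAMPLE_DER, SAMPLE_PEM))
    print("altered cert accepted:", matches_pin(SAMPLE_DER + b"\x00", SAMPLE_PEM))
```

A mismatch means the presented certificate is not the one covered by the signature, whatever the browser or a CA says about it.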

Privacy

I wouldn't really enable HTTPS for the sole purpose of authenticating my server. And I suggest you don't consider it authentic just because of my X.509 certificate; chances are that some day this server may be hacked. The only contents that you should consider authentic are those directly signed by my PGP key, such as git commits or tags.

The reason I enabled HTTPS is simpler: privacy. Using HTTPS makes the contents encrypted, so others can't sniff what you read.

Still, you must know that privacy isn't great: the lengths of the request and the response are visible, so an eavesdropper could connect the dots to learn what you just read. There's nothing better we can do about it.