Encryption via HTTPS is automatically provided by nginx within the xbat.service. The certificates must be created manually and placed in /etc/xbat/certs/. By default certificates are expected to be placed in /etc/xbat/certs. If you want to use a different directory, you can specify it with the --certificate-dir option during the installation of xbat.
Use an existing certificate or check out this guide for generating a new one. For testing purposes the development certificates can be used. They are located in the dev/certs directory of the xbat repository.
After placing these files, adjust the ownership and permissions to make sure nginx (the xbat user) has access and restart the service afterwards.
chown -R xbat:xbat /etc/xbat/certs
chmod -R 750 /etc/xbat/certs/