I have made some bad moves. Let's say when I created my blog "Duckman" that I used "fred" for a username. Then, at some later point in time, this was altered to "Fred" -- changing the first char to upper case. Now when I log in as Fred I am not recognized as an admin.

Does that help to get things unlocked?

It would be nice to be able to git clone over https too:

$ git clone https://myrepos.branchable.com/
Cloning into 'myrepos.branchable.com'...
fatal: repository 'https://myrepos.branchable.com/' not found

The setup branch in the site's git repo contains its setup file.

Ok, the answer is yes to all those questions, how do we get a copy of the setup file?

sorry, I'm still confused how to register at branchable. whether after receiving an email, can you directly enter the branchable site?

because there is a choice of sites and emails, I enter the opinioncr

I agree, and blogged about something similar a while ago:

https://joeyh.name/blog/entry/idea:_git_push_requests/

ikiwiki-hosting would be one place to implement this, it already has hooks that filter incoming pushes for wiki criteria. However, it would probably be better to implement something standalone and then ikiwiki-hosting could just use it.

I would go with $foo.source.branchable.com instead.

Could we get HSTS and redirects from http to https?

Adding the site to HSTS preloads and or https-everywhere would be good too.

We're using letsencrypt wildcard support -- but it only allows for a single level of domain name above the wildcard, so does not work for source.$foo.branchable.com.

Renaming them to source-$foo.branchable.com, with a redirect from the old domain seems like the best way.

Aha, the ikiwiki logout button is on the Preferences page. I think it would be a good idea to include a "Logout" link that just goes to the Preferences page (or a new logout page).

I note that Let's Encrypt now offers wildcard support, which could be a useful option for supporting TLS.