It seems that the impossible is happening and free SSL certificates are becoming commonplace.
About time! If you've hosted sites before you will know how expensive an SSL certificate is,
particularly for small sites like this one where there is no revenue.
Thankfully some big companies have joined in an initiative called Let's Encrypt,
which does just that: provide you with a free, automatically generated security certificate that is
acccepted by all major browsers.
It's worth mentioning that Amazon is doing exactly the same thing if you host sites there, although
you'll need to be using either an Elastic Load Balancer or Cloudfront CDN, both of which incur costs
(see more at Amazon's Certificate Manager).
Even with all these, the process of setting it up is a bit cumbersome, so I was very happy to find
that Dreamhost, the hosting server I use for this site, just enabled
one click setup. It's literally one click:
Enabling SSL with just one click
That's all there is to it. Just a note: you'll have to wait a few minutes for it to take effect. If you try it immediately, it shows as
using a self-signed certificate which obviously is no good. Be patient.
I did have to fix some references to non-ssl links that I had in the site (for instance, including images with an
http:// prefix). For
most use cases you can replace references to
http:// with just
// and it will work both in http and https modes. Or just use https everywhere.