There has been a lot of buzz around about how quickly the web is moving towards HTTPS everywhere. For quite a while the EFF has had extensions for the popular browsers to enforce HTTPS Everywhere, and security bloggers like Troy Hunt have written a bunch of things about impending browser changes that are going to make life a lot harder for people with websites that do not support HTTPS.
I've been running HTTPS on ssl.ub3rgeek.net for a while now, since that site serves several applications (OwnCloud, tt-rss and wallabag for example) and I have good reason to want that to be secure, but I figured this was a good time to pull the trigger and put SSL on going-flying.com.
The reality is that while I'm unlikely to get the 'insecure' warnings from the browser updates but thankfully SNI is pretty well supported these days so pulling that trigger was pretty damn easy. 👍
In my case I buy DV certificates from my registrar (a rad French company called Gandi). Before people start screaming about LetsEncrypt I may switch to those at some point but frankly I don't really feel like they are "there yet". I use certificates for a lot of things that you don't see, including signing Apple MobileConfig bundles for use in deployment to my iOS devices. These certificates are still not trusted everywhere by default and integrating the LetsEncrypt ecosystem into all those automated backend tools is... well it's work I'm not getting paid for. 😂