In my case I cannot use a cert from one of the free providers, because installation requires root access. I do not have root access on my managed server. This is probably intentional so that my server host can charge money for a Comodo cert. I could leave my host and put my site on as a free github.io site or put it into Amazon or something like that.<p>Aside from the costly cert, which I actually DO NOT need, I really like my current host. In the meantime this means I will continue to serve insecurely over HTTP.<p>Why do you ask that I absolutely DO NOT need HTTPS. It is because my site is a web productivity application written in JavaScript. It runs in the browser (or command line) and saves all data in the browser. No user information is sent back to the server and no personalized data or content is sent from the server. This said my site is more secure over HTTP than most every other site over HTTPS.