Enabling HTTPS on websites can deal with “HTTP hijacking” by ISPs. In most cases, using a free SSL certificate is sufficient.
Recommended CA and Issuance Tools
ZeroSSL and Let’s Encrypt are two common CAs (Certificate Authorities). They both offer free SSL certificates with a 90-day validity period. The advantages are as follows:
- Support Wildcard Certificates (like *.example.com ).
- Support ECC certificate (ECC certificate is smaller than RSA under the same security).
- Can be issued through API, no need to apply manually.
It is recommended to use acme.sh as a certificate issuance tool. It supports ACME v2, pure shell implementation, no other dependencies, and can be used on Linux / BSD.