Enabling HTTPS on websites can deal with “HTTP hijacking” by ISPs. In most cases, using a free SSL certificate is sufficient.

ZeroSSL and Let’s Encrypt are two common CAs (Certificate Authorities). They both offer free SSL certificates with a 90-day validity period. The advantages are as follows:

  • Support Wildcard Certificates (like *.example.com ).
  • Support ECC certificate (ECC certificate is smaller than RSA under the same security).
  • Can be issued through API, no need to apply manually.

It is recommended to use acme.sh as a certificate issuance tool. It supports ACME v2, pure shell implementation, no other dependencies, and can be used on Linux / BSD.