Enabling HTTPS on websites can deal with “HTTP hijacking” by ISPs. In most cases, using a free SSL certificate is sufficient. Recommended CA and Issuance Tools # ZeroSSL and Let’s Encrypt are two common CAs (Certificate Authorities). They both offer free SSL certificates with a 90-day validity period. The advantages are as follows: Support Wildcard Certificates (like *.example.com ). Support ECC certificate (ECC certificate is smaller than RSA under the same security). Can be issued through API, no need to apply manually. It is recommended to use acme.sh as a certificate issuance tool. It supports ACME v2, pure shell implementation, no other dependencies, and can be used on Linux / BSD.