> And I should care about the trust backbone for my personal web-site and non-commercial projects why exactly?
You don't have to. Issue a self-signed cert and provide instructions to add it to the browser as a trusted certificate authority. The fact that no one trusts you by default becomes your problem; the alternative is caring about the trust backbone (or, I suppose, paying Microsoft, Apple, Google and Mozilla to add your CA, but I would guess that will run a bit more than $600/year).
> You don't have to. Issue a self-signed cert and provide instructions to add it to the browser as a trusted certificate authority. The fact that no one trusts you by default becomes your problem; the alternative is caring about the trust backbone (or, I suppose, paying Microsoft, Apple, Google and Mozilla to add your CA, but I would guess that will run a bit more than $600/year).
The issue everyone seems to be ignoring is that PEOPLE ALREADY TRUST HTTP!
They ALREADY trust my http web-site! All of them, on all domain names, and through all redirects!
Why should I take extra steps for them to lose such trust through adopting https? Why?
There is no economic benefit for me to add https. None. As much as I'd like to contribute to encrypting the whole internet, the whole https concept (with no backwards compatibility with http) is just too much trouble to deal with.
> How do they know they are getting your website? Do you care if their ISP is injecting banner ads and messing with your layout?
If their ISP is injecting banner ads, then all bets are off! Nothing I can do about it! They should change ISPs, or browse through a proxy.
Or are you supporting the concept of fast lanes in the net neutrality debate? I should pay up to the CAs to get treated more preferentially by the ISPs?
> If you are just serving up hobby projects and personal stuff, there's probably no economic benefit to hosting it yourself anyway.
Yeah, right! Now I'm suddenly guilty of hosting my personal stuff myself! Maybe I should ask Comcast or AT&T to host it for 3x the price I pay by hosting myself on a cheapo dedi?