I saw a post on Reddit, which led me to another site, which led me to another, and so on and so forth until I arrived at a page that suggested everyone should be running HTTPS for everything because it's free everywhere, and mentioned something about AWS, which is where I presently host this blog.
"Bullshit!" I thought. "AWS charge money to use a custom HTTPS certificate, and it would be several thousand percent of my current AWS bill."
It turns out, that's supposedly no longer true. Apparently (and we shall see next month if my AWS bill jumps), Amazon don't charge for certificates if you make them via their certificate manager, because they can just make some magic happen with CloudFront. I guess they only charge if you want to upload your own certificate and key?
So I activated it on both hostnames, and took a look. Uh oh, a bunch of shit isn't loaded because it's forcibly coming in over HTTPS. So I spent the next hour and a bit fixing as many of those as I could find, then I invalidated the cache on CloudFront and so far it looks pretty good.