I set up DrinkingCaffeine.com with an SSL certificate last night and it took me 8 minutes in total following these instructions, from the time I started creating my account on CloudFlare to the time I was completely finished. What a crazy amazing tech world we live in, where the base tier of almost everything is free and easy.
Eventually, GitHub Pages will support SSL certificates for custom domains. Even if its solution is such that you have to provide your own SSL certificate, it will make it possible to have a secure site without the need of a CDN for those who want a simple setup with minimal moving parts. The reality is that GitHub Pages is static and very scalable, so a CDN is hardly necessary.
For that matter, an SSL site is hardly necessary on a static site, since it’s impossible to pass any data to the server, but I think it’s nice to have for a couple of reasons:
- Google gives a slight page ranking benefit to sites that are SSL. Eventually everything is moving to this. This is why projects like Let’s Encrypt exist.
- If your static site interacts with a JSON API via Ajax, your UI may be very data-driven and rich. An SSL certificate on your static site has no security bearing at all in this scenario — it’s the API domain that must have SSL to be secure — but your users don’t know that. Perception is reality, and if they’re entering passwords or credit cards on a domain that isn’t SSL, for all they know they’re in an non-secure environment.