Put in a actual, recognized SSL Certificate on the site, and setup redirects to run everything through that now.
Figured that was a reasonable thing to do because people are still occasionally downloading old software from this site, and the cert was free for the year (Gandi).
Hopefully by the time it expires the Let's Encrypt service will be up and running.
Self-Signed SSL Certificates
Quite often I find myself needing to generate self-signed certificates
for use with OpenSSL. There are
only three steps required...
Generate a key file, named ssl.key for example:
openssl genrsa -out ssl.key 1024
Generate a Certificate Signing Request for the key, named ssl.csr in this
example. You'll be asked a bunch of questions, when asked for
Common Name (eg, YOUR name) be sure to enter the domain-name you're
making the certificate for (such as www.foobar.edu).
openssl req -new -key ssl.key -out ssl.csr
Generate a signed certificate given the request and key, valid for 10 years
(3650 days) and named ssl.crt in this example. When you're done,
the ssl.key and ssl.crt
files are what you usually need to install in your server.