...
From the results, we chose a free simple SSL certificate from the CA StartCom in a SSL certificate package called StartSSL Free.
Note there is a newer service (checked July 2018), a non-profit called Let's Encrypt that provides free SSL certificates. To understand what you get, you may look at their Hello World site.
SSL Setup (using openssl)
Server keys must be generated for the Certificate Signing Request (CSR). Openssl will be used to generate this CSR.
...
If you inline load images without using a relative path you will get mixed content which makes your page insecure. Tools to check this,
- https://www.jitbit.com/sslcheck/
- https://developers.google.com/web/tools/lighthouse/audits/mixed-content
- https://www.whynopadlock.com/check.php
And here's an example page of common mixed content errors.
Clean Up
Some CSR requests may be re-used to renew the Signed SSL Certificate. However, often most CA's will by process ask for a new CSR even if the original may be reused.
...