Looking for advice on new Chrome ‘Not Secure’ issue

         

dpd1

12:00 am on Jul 2, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



OK, so my site does not have SSL. Yes, I know... Please don't lecture me. The reason why I hadn't done it, is that I was just too busy over the last couple years. Plus a giant portion of traffic comes from unsolicited links spread across countless forums and places like this. I felt like the damage that would probably be done by switching, would be worse than just not switching. So now here I am with the Chrome 'Not Secure' issue hitting me in the face. The problem is... I could easily get the SSL, but I'm going through a CDN that wants a significant fee to upgrade to an account that will handle SSL. So that's just more money on a year that has not been great so far. Then there's the actual switch to SSL, that I have a feeling will probably hit me pretty hard in SEO on top of that. So I'm not really sure what to do at this point. I'm open to any suggestions.

phranque

12:14 am on Jul 2, 2018 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



i would start with this thread from february 2018:
Chrome 68 will mark all HTTP sites "not secure" [webmasterworld.com]

not2easy

3:40 am on Jul 2, 2018 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



If your site is not an ecom site selling products with shopping cart PII or a services site with memberships there are several options that don't need to break the bank. See this one: [webmasterworld.com...] from about a year ago that explains quite a bit. Reading is free and there are at least dozens of how-to discussions to give you an idea about what options there are. There is not another solution to 'Not Secure' than to make the change.

One thing to keep in mind is that if your internal navigation and menus aren't all using full http: links, then the work can be minimal. If you need to edit a large number of page, image, css links and such, get a good text editor. It can be done. You'll rewrite all requests so that old links requesting http://example.com/whatever.page land on https://example.com/whatever.page. That includes links from other sites. I don't know of any special SEO needs: once your site is ready and a proper 301 is in place, you just tell Google, Bing, etc. about the "new" site, give them your "new" sitemaps and you're at least as good as you were before the 'Not Secure' changes.

There must be hundreds of examples on how it's done if you browse through the Apache forum here. Or use our search for "to https" and find pages of discussions. The search option is in the upper right of each page and you can choose which service to use. I'm liking DDG's results here.

I don't mean to be simplistic or dismissive of the concerns. I realize that older sites can have a large number of changes to deal with and some sites are much more complicated than others. My suggestions are based only on the information you shared and details can make a big difference. My point was that security concerns highlighted by browsers are only going to be more widespread than they are and the only way to deal with that is to switch over to using https.

Dimitri

6:43 am on Jul 2, 2018 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month



From my readings, I understood that things will get worse over time for non-HTTPS sites at both the level of the web browsers and SERP. So, switching to HTTPS might be something you'll need to do, one day or another, no matter what. So, in my opinion, waiting is not a good idea. If, for example, Summer is a low season for your site, it might be the opportunity to switch and be ready for the Holidays.

If well done, switching to HTTPS should be smooth, without loss of traffic (during one or two weeks, it might be a bit perturbed).

About your CDN, which seems to be the only issue you have, you might find another one. If I'm not mistaken, Cloudflare has a free shared TLS certificate, so I assume others can propose something similar. I am not using a CDN as I found that, after all, they are not really helpful, so I can't really comment on this part.

keyplyr

7:45 am on Jul 2, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



It is a huge advantage to make your site HTTPS and not use a CDN to do it for you.

It's actually not that difficult and is free:
- Generic Steps to Switch from HTTP to HTTPS -

• Read all info at your host concerning certificates & switching to HTTPS and when applicable, follow those instructions.

• Install security certificate.

• Have your host enable HTTPS (if needed.) This will enable access from both HTTP & HTTPS allowing normal access while you test.

• Go through site, page by page & make sure all file paths are relative (no protocol.) Test by accessing site using HTTPS and look for any browser alerts.

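• Install 301 code in .htaccess file:

    RewriteEngine On
    # Match only requests that did not arrive over HTTPS
    RewriteCond %{HTTPS} !=on
    # Permanently redirect to the same host and path on https://
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Note: your server may require different code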

• Go through site again, page by page, and test. Any remote absolute links will need to be HTTPS including those found in scripts & plugins. If you publish Adsense or other advertising, links in these scripts need to be HTTPS also (or just remove the protocol altogether.)

• Update sitemap.xml (if applicable) and submit to appropriate agencies (Google, Bing, Yandex, etc)

• In Google Search Console create a new site using HTTPS (do not use the Change of Address form.) It will take a few days to start populating information. This is normal & traffic to old site (HTTP) will drop off accordingly.

• Bing Webmaster Tools, Yandex & others should update automatically once they crawl your new pages. Updating/re-submitting sitemap.xml should speed up this process.

Free Let's Encrypt Security Certificates [letsencrypt.org]

- - -
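
The page-by-page check for browser alerts in the steps above can be partly automated. This is an added example, not part of keyplyr's post: a Python scanner that flags http:// subresource references, which are what raise mixed-content alerts once a page is served over HTTPS. The sample HTML and the active/passive tag lists are constructed for illustration.

```python
from html.parser import HTMLParser

# (tag, attribute) pairs that make the browser fetch a subresource.
# Browsers block insecure "active" content on HTTPS pages; insecure
# "passive" content loads but degrades the security indicator.
ACTIVE = {("script", "src"), ("iframe", "src"), ("link", "href"),
          ("object", "data"), ("embed", "src")}
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src")}


class MixedContentScanner(HTMLParser):
    """Collect http:// subresource references in one HTML document."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line, kind, tag, url)

    def handle_starttag(self, tag, attrs):
        rel = (dict(attrs).get("rel") or "").lower()
        for name, value in attrs:
            url = (value or "").strip()
            if not url.lower().startswith("http://"):
                continue  # relative, protocol-relative and https:// are fine
            if tag == "link" and "stylesheet" not in rel:
                continue  # e.g. rel=canonical is a hint, not a fetched resource
            if (tag, name) in ACTIVE:
                kind = "active"
            elif (tag, name) in PASSIVE:
                kind = "passive"
            else:
                continue  # e.g. <a href> is a navigation link, not a subresource
            self.findings.append((self.getpos()[0], kind, tag, url))


def scan(html):
    """Return a list of (line, kind, tag, url) findings for an HTML string."""
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page, not taken from any real site.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://example.com/site.css">
<link rel="canonical" href="http://example.com/">
<script src="//cdn.example.net/lib.js"></script>
<script src="http://ads.example.net/show.js"></script>
</head><body>
<a href="http://example.org/forum">outbound link</a>
<img src="http://example.com/logo.png">
<img src="/images/photo.jpg">
</body></html>"""

if __name__ == "__main__":
    for line, kind, tag, url in scan(SAMPLE):
        print(f"line {line}: {kind} mixed content in <{tag}>: {url}")
```

The scanner reads HTML attributes only; URLs inside CSS `url()` values or assembled by scripts still need the in-browser check described in the steps.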

dpd1

8:14 am on Jul 2, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Thanks for all the info. I totally agree... I know this will only become more important in the future. The problem has been that I manufacture our products and that has taken more of my time over the years. Since I started doing the web part myself long ago, I could never turn it over to someone else. We also can't really afford that. So that's how things sort of got out of control. It's very difficult running a full manufacturing biz, AND doing web stuff. I have seriously considered just giving up and going with something like shopify. Seems like a lot of my tech type issues would be taken care of automatically that way. The main reason I went with a CDN was because I was getting slammed with bots and other issues a couple years back, and that really helped me block out the offenders. My SEO improved a little after that, so I do think the bot traffic was having a negative effect somehow. If anybody has other ideas or suggestions along the shopify type route, feel free. I started doing all this in the 90s so I'm just sort of old school and sentimental about it. But the web was much more simple back then and I don't know that I have time to handle it all myself anymore.

keyplyr

9:03 am on Jul 2, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



dpd1- As I said above, making your site HTTPS should be FREE.

A 450 page site took me about 2 hours to complete all the steps listed above.

Dimitri

9:17 am on Jul 2, 2018 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month



"I manufacture our products"

"going with something like shopify"

If your site is an e-commerce, then HTTPS is mandatory. Even if you do not handle the payment yourself, clients transmit personal information when they complete an order.