With all of the issues around web security, there's a pretty easy solution using EFF's certbot and LetsEncrypt.org.  I use an Nginx proxy in front of everything, so all of the encryption terminates there.  So using certbot with webroot was pretty easy and then it was just a matter of adjusting the Nginx config.

In each site that I migrated to SSL, here's an example of what the final config looks like.  This works for both Joomla! and Wordpress sites behind Nginx.  Nginx listens on http/80 and redirects to https/443.

server { listen       80; server_name  site_name.come www.site_name.com; return 301 https://$host$request_uri; }

server { listen       443 ssl; server_name  site_name.com www.site_name.com; ssl_certificate    /etc/letsencrypt/live/your_site/fullchain.pem; ssl_certificate_key  /etc/letsencrypt/live/your_site/privkey.pem; ssl on;

location / { proxy_set_header Host $host; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass; proxy_redirect http:// https://; }