Yeah, it can often be pretty straightforward. htaccess edits can be daunting to a lot of people (myself included) but it is often relatively simple.
One thing to look out for is to check that you don’t have any links or resources from elsewhere (whether that be fonts or images, etc) that have ‘http’ URL’s, as browsers will warn users that your site isn’t actually secure.
I am happy about every website moving to https but this road might be more bumpy and longer than expected. I’ve made the switch last year and first thought the same “this is easy” but the deeper you’re digging into security and privacy the more you will get 2nd thoughts and start to think how hard it is.
Labyrinth of complications? yes sort of. Worth only for financial websites? Not really, there a re many usecases where privacy and security matters. Think about all these ads and tracking-pixels everywhere. It’s a plague how we as users are tracked back.
Content Security Policy - is different than making a website HTTPS. It is much more involved, and most sites do not get an A+ rating.
Amazon - D
Bank of America - F
Mozilla - B
A good starting point if you are interested in CSP:
As for HTTPS
the most important steps are:
Get your certificate installed
check for and fixed mixed content (active first, then passive)
One thing to be sure to remember, is that if you use ANY LINKS to assets or stuff in your site, like warehoused images and stuff, be sure to change those URLS to https as well. Google does not like it if you don’t.