Serve popit over SSL/TLS

[chrismytton]

Serve the whole site (homepage and all instances) over https.

This would require a wildcard certificate for *.popit.mysociety.org to use with the instances, then presumably would need to use the *.mysociety.org certificate for the hosting app which lists the instances.

See also #113

[tmtmtmtm]

Presumably this should include making things like https://eduskunta.popit.mysociety.org work too, rather than just the main popit site?

[chrismytton]

@tmtmtmtm Yea, sorry. I've updated the ticket text to be more explicit.

[dracos]

Should it perhaps be considered whether to move to subpaths rather than subdomain to save the purchase of another wildcard certificate, dunno.

[chrismytton]

@dracos Certainly worth considering the cost/benefit. I've opened a speculative ticket for it - #329.

[Flupsy]

Certificate ordered.

[Flupsy]

Certificates installed and deployed on ajax. Forced redirection is disabled for now, and there are some mixed content warnings when accessing e.g. https://us-presidents.popit.mysociety.org/ . Please let me know if there are any problems.