In short it's so stupid simple just go do it and do it now
- Go to basic settings
- Change HTTPS to Yes
- Are we done yet? Why yes, yes we are.
Optionally once the cert has generated (it's not instant) you can also turn on redirect to SSL which again, why not? It's just the next tick box
This is how security should work; it works and its easy. I guess it could be on by default and pushed out but really, just click "security activate!"