With the rise of Letsencrypt there is no excuse not to anymore. given that this is basically downloading code that will be executed on the users computer, this should really come over a secure connection.
@patdavid and me an help you with LE questions. (others probably too)
I admit I’m using a not-so-expensive external hosting service for gmic.eu, so I cannot tweak the web server as I want.
I’ll see what they offer, and if this service is available in my hosting contract.
OK, so finally, it seems the web server is already configured for https connexions.
I’ll simply force the update file to use a https:// address instead of a http:// one.