Alas, this is only for a specific domain name, such as app.project.org, rather than for a wildcard domain, such as *.project.org, and I'm not entirely sure at this stage if the cert can also be renewed for free after one year, but at least this now allows me to offer access to Rufus from https://rufus.akeo.ie.
Oh, and once your site is properly set up for SSL, you should of course ensure that it is properly configured by running it through Qualys SSL Labs' excellent SSL analysis tool.
I'm just going to jolt down that to get a proper grade in Apache, you may have to edit your
/etc/apache2/mods-enabled/ssl.confand ensure that you have the following:
SSLProtocol all -SSLv2 -SSLv3 SSLHonorCipherOrder on SSLCipherSuite EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS