The marriage between encryption and trust with HTTPS is broken. SSL certificates equate "trust" to "paid".
Divorce that, then encryption can be default. It will be imperfect without trust, but truth be told the trust currently is more illusion than real.
Edit: Optimally, registering a domain should automatically come with renewable certificates. Marry those two together instead.