Deploying HTTPS on a site with tons of legacy components, third-party dependencies and a lot of ad networks is definitely no small feat. There's a reason why most news sites are still HTTP-only.
Agreed! Fun/difficult projects aren't always the 'latest and cutting edge' ones. You can have impressive/difficult challenges SPECIALLY while getting legacy components to work with more recent technology, even though the task itself may seem 'simple' for more uhh, inexperienced, developers.
Similar story with ecommerce sites. Even Amazon still runs most of their shop experience over HTTP. From a technical perspective, switching a simple site to HTTPS-only isn't that hard. Fix mixed content warnings, update urls, etc. Ecommerce sites often use dozens of third-party vendors for things like analytics, ads, and recommendations. Making sure all of your dependencies support HTTPS can be a logistical nightmare.
