Short answer: HTTPS for onion URLs is redundant.

Tor's protocol already encrypts the tunnels to hidden services end-to-end, and obtaining an HTTPS certificate encourages the centralized and profit-driven CA hierarchy model of the clearnet. An HTTPS certificate would allow users to verify that an onion address is owned by its clearnet counterpart, but an HTTPS certificate would not improve security unless the organization is running their hidden service on a different machine than their web server. In that case, HTTPS would secure the final hop within the organization's network from their hidden service to their webserver, but encrypting inside their network is usually redundant as well.

Scroll down to "Part four"
posted by <hidden> • 2 years and 4 months ago Link