HTTPS provides validation and encryption, two important pieces of security. Using it for everything is possible but costly, and issues would remain.
https uses certificates to validate the site you’re connecting to, as well as encrypt the data. Certificate errors are often benign, but are worth paying attention to.
If you can turn http into https and it works, that means that the site has a security certificate. So why aren’t they using it?
https should be safe as long as the padlock icon indicates that the certificate is correct. That proves that you’re visiting the site that you believe you are. If you don’t see it, you should be concerned.
If you are seeing this across a family of sites or just one site, it’s possible (in fact it’s even most likely) that it’s a problem on the server’s side. It may be a designer error. It may even be a malicious site.