Indeed, that's something that I should fix. Your security suite is correct when it complains.
Back when I was actively working on AAO, setting up for HTTPS was costly so I didn't do it; it became free some few years ago but then I wasn't so active anymore and never took the time.
I just took a bit of time this evening to enable it; normally you can now access the site through https://www.aaonline.fr/
Let me know if you have any issue that way.
I'm not enabling automatic redirection to force users to use HTTPS yet, first to make sure that everything works fine, and because I'll have to plan a general upgrade of the server in the next few months (the current one is getting very old)