The S is not a typo. It's retiring its HTTPS site. The old HTTP site (and the app) is staying.

You can actually get the old site via HTTPS, but only on the https://reg.bom.gov.au subdomain. So there's that.

To further clarify:

www.bom.gov.au is HTTP only. It will fail to connect if you use HTTPS.

reg.bom.gov.au is an HTTPS version of www.bom.gov.au. It seems to be staying, but you have to know to use that address.

weather.bom.gov.au is a newer site with a much better design, and supports HTTPS. It is being retired.

Obviously there are a million third party weather services/apps but they all use the BOM's data, at least in Australia.

A truly weird decision, perverse-outcome sounding, if you don't explain it. Maybe the burden of holding state for TLS turned out to be too much for their capital investment, and they decided that there was no transitive risk in being insecure HTTP protocol, for a public information service.

Or maybe something else?

An explanation might help. I am sure future 'scrape the web and report on HTTP/HTTPS' bots are going to flag this as insecure.

FFS. We're not living in the 90s anymore. Spent a few hours configuring LetEncypt and move the fuck on. If they are incapable or unwilling to do this in this day and age I'd have to wonder about how they can be trusted to engineer any other part of their system reliably.