There's no absolute answer to the best layout of a webshop, but there are some common ways of doing things. The best solution is usually a combination of many factors - maybe the best solution for you is what your customers are used to, not the most modern or technically advanced option. Simple access to basic features will always be important, and chances are that your shop will be used more on mobile devices than on bigger screens, and you should focus accordingly.
However, this is not a design guide, but a guide to how you manage the site once it's set up - how you make changes, and which features are available.
There's usually nothing to change in the header. At least not on a regular basis. The header should contain your logo, a search field, access to "my account" section, links to or basic text info about your site and company, either a link to a login page or login/password fields (all our pages use https, so having the fields there is ok), and shopping cart summary info.
Optional features include currency and language changers, as well as the possibility to switch between B2C (private) and B2B (business) versions of your site.
In Europe, the private site usually has prices with tax, while the business site is without. The front page product display probably has a different focus as well. In theory you could have a different skin (design), different navigation, etc., but we recommend keeping the theme the same, unless you have good reasons to make a clear separation.
Every page on all our sites are now encrypted.
We use Let's Encrypt to automatically generate SSL certificates for all the sites we host.
We currently don't support that clients bring their own certificates, but we may do so in the future. Why would anyone want that if we provide it for free? Currently, the only reason would be if you want an EV certificate and a green bar in the browser.
Free certificates is a fairly new thing, and it has mostly fans: First off, a free certificate is as good as any expensive certificate for the purpose of encryption. If you want the internet to switch to https, which virtually everybody agrees is a good thing, it probably has to be free(ish). The most common complaint (used by companies that charge money for certificates) is that free certificates makes it easier for phishing sites to get certificates to look legit. I guess you can use that argument about cheap internet access and free tools to make websites as well - and it's not a very good argument.
We use SNI - Server Name Identification - to run many https websites on a single IP address.
All modern browsers support it, but some older software may not (maybe you connect via API). If you don't know what it means, it's probably not an issue for you, but you can read about it here.