Main site: https://secure.gog.com
Links will redirect to the insecure site though, so you need to use HTTPS everywhere rules for example to prevent that.
Example of HTTPS everywhere rule:
<ruleset name="GOG"> <target host="www.gog.com"/> <target host="gog.com"/> <rule from="^http://(www\.)?gog\.com/" to="https://secure.gog.com/"/> </ruleset>