You could always consider a free service like Cloudflare which can sit in front of your site and serve the site via SSL to your customers. Yes, it's still unencrypted between CF and your site, however it would resolve the poor "insecure" UX.
As a bonus, CF also has functionality that can re-write http uri's to https.
If you do what you describe, the site will load minus all of its imagery and scripts, since those will be linked from a CDN as http://img.whatever.com/ or whatever. Anything linked with a full URL, nomatter how deep in your codebase will surface at some point in the future and throw up a scary warning for your users.
And you get to find homes for those 3rd party scripts hosted on http only domains.
And in my case I'll probably get to rewrite a Google Maps integration because that will have taken the opportunity to deprecate something important.
There really is a ton of work to pull this off. For every site on the internet more than a few years old.
And again, for zero benefit whatsoever except to clear the scary warning that Google plans on introducing.
Cloudflare has a new feature wherein they can use HTTPS Everywhere's translation list to rewrite http references to use https where possible. It's almost certainly not perfect, but for many people it should at least reduce the amount of effort required. It's explicitly intended for the deep-within-your-codebase/CMS case you mention.
My understanding is that you'd need to be sitting between me and that webserver somewhere. If my ISP injects something into that page that changes it so that it no longer shows a dumb travel story from 15 years ago, I think the proper solution would be to change ISPs.
As a bonus, CF also has functionality that can re-write http uri's to https.